Governments, your files, and privacy (or lack of)

From today's Chronicle Herald at least 2700 (probably many more if I'm reading correctly) Canadian tax files were distributed in a CRA security breach.

Further it seems an employee giving CDs full of private and confidential information away

is among dozens in which tax agency workers have breached security rules, many of them snooping on other Canadians, including ex-spouses, mothers-in-law, creditors and others by reading confidential tax files.

I highly doubt Canada is the only country to have this sort of thing happen and I also doubt it's limited to merely tax files. Putting that aside;

Should we hold the agencies themselves accountable for the actions of their employees? It seems CRA does have standard encryption and security protocols which were not followed, as such I wonder if merely having protocols is truly due diligence. I understand that the records must be stored for a time in case they need to investigate something later, but how can we balance this with protecting people's right to privacy? Given that (for the forseeable future) humans are always going to be involved in managing these things is privacy and security even really possible?

Merely having protocols isn't going to do any good if they aren't enforced. If the agency was not enforcing the policies they had implemented to prevent this, then they're at least partially responsible for it happening.

You can't protect your information from insiders.