Much of the recent discussion of EQC’s privacy issues has a glaring semantic error which is colouring the story. Most notably, they mostly describe the two recent incidents as “leaks”. This is a very incorrect usage of this term. When you accidentally e-mail a file to the wrong recipient, and it contains private or personal information, what you have is a privacy breach.
When you deliberately e-mail a file with the intent of either revealing the information to a concerned party without official authorisation, or with the intent of creating publicity around an issue, that is a leak.
Privacy breaches require preventative action and are usually not a cause for individual censorship, unless there is good policy in place to prevent the breach, and can often be a matter of systems or workplace culture enabling human error. Leaks are more about the motivations and intent of the individual who performed the leak, and may not even be a bad thing overall, if done with care and for an overriding ethical reason that is not adequately weighted in official policy. For example, what the recipient of the most recent breach is threatening to do by releasing the information to media, that is actually a leak.