But the problem was still there: poor control over stored recordings. It could have surfaced another way, like a law enforcement request for some suspect's recordings and being sent someone else's recordings.
So the regulation is not at fault here, "they created a process for getting previously locked up private data out of the company, which is prone to human error and / or intentional abuse" is the real problem.
So the regulation is not at fault here, "they created a process for getting previously locked up private data out of the company, which is prone to human error and / or intentional abuse" is the real problem.