I'll leave the legal implications to someone else, but my gut feel is that in this circumstance there are very few, unless the information was acted upon.
In this particular circumstance, I would suggest it's down to the owner of the information to protect it - if it was on a floppy, it's not difficult to take it out ! Also, floppies are still a means by which viruses can infect PCs - I've not needed to use one for about 3 years to keep personal data on.
Generally, any company dealing with electronic data should have a security policy which is enforced - file permissions, authorisations and the like. To do otherwise is inviting theft of proprietary information, potential loss / destruction, and unauthorised access - who wouldn't want to know what the boss earns !