We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
MPs call for jail sentences in data breach cases

MPs call for jail sentences in data breach cases

ICO should also be able to force businesses to undergo information audits

Article comments

Harsher punishment, such as a prison sentence, should be delivered to criminals who breach the Data Protection Act, MPs on the Justice Committee has said.

They said that custodial sentences were required because the current fines imposed for data breaches – a maximum £5,000 is possible but in practice fines are much lower – were not enough of a deterrent.

Sir Alan Beith, the chair of the Justice Committee, said: “Using deception to obtain personal information – sometimes known as blagging – or selling it on without permission are serious offences that can cause great harm.

“Fines are used to punish breaches of data protection laws, but they provide little deterrent when the financial gain exceeds the penalty.

“Magistrates and judges need to be able to hand out custodial sentences when serious misuses of personal information come to light. Parliament has provided that power, but ministers have not yet brought it into force – they must do so.”

For example a nurse providing patient details to her partner who worked for an accident management company was only fined £150 per offence, even though such companies pay up to £900 for a client’s details.

The MPs also called for a strengthening of the Information Commissioner’s Office’s (ICO) power, to allow them to carry out compulsory information audits on private sector companies suspected of misusing personal data.

They claimed that had the ICO had this power, it would have been able to identify and deal with problems, such as the referral fees of insurance companies and personal injury lawyers, earlier.

“The Information Commissioner’s lack of inspection power is limiting his ability to identify problems or investigate potential data abuses.

“Minister must examine how to enable the Commissioner to investigate properly without increasing the regulatory burden on business or the public sector,” said Beith.

The MPs' report did not, however, make any recommendations for how the ICO could strengthen the sanctions against organisations who breach the Data Protection Act due to a lack of care or appropriate information controls.

Share:

Comments

Advertisement
Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *