The government is considering larger fines for breaches of the Data Protection Act.
According to justice and civil liberties minister Simon Hughes, the Information Commissioner could be given the right to fine those involved in the illegal trading of personal data and nuisance phone calls and texts larger amounts.
Speaking at the Information Commissioner's Office's Data Protection Practitioner Conference in Manchester, Hughes said: "Priorities include strengthening individuals’ information rights and guaranteeing the effective enforcement of these rights.
"We are committed to guaranteeing that the ICO has sufficient powers to enforce compliance amongst organisations and to punish those who commit serious breaches of the Data Protection Act.
"That is why in the last few weeks we have begun to review the sanctions available for breaches of the Act so we can decide whether to increase the penalties as the law permits."
In 2010, the maximum penalty that Ofcom could issue for silent and abandoned calls was increased from £50,000 to £2 million. In May 2011, a maximum penalty of £500,000 was introduced to allow the ICO to issue higher penalties in relation to unsolicited calls and texts under the Privacy and Electronic Communications Regulation (PECR).
Hughes said: "We are positively considering a proposal by the Information Commissioner to lower the threshold at which he can issue civil monetary penalties for breaches of PECR, from the very high bar of proving substantial damage and distress, to a lower bar of irritation and nuisance."
Hughes said the government had also conducted a consultation on extending the ICO’s powers of compulsory audits of NHS bodies. "This requires secondary legislation which we plan to introduce before the summer recess so that the power can come into effect by the autumn," Hughes said.
"We have chosen the NHS as it is one of the largest data controllers in the UK, processing huge amounts of sensitive personal data on a daily basis," he said.
"We will work closely with the ICO to monitor the effectiveness of these powers, before considering whether we might extend them to other sectors that process large amounts of personal data in their day to day business," Hughes added.