Companies that treat data recklessly could be fined by the Information Commissioners Office (ICO) under legislation introduced today.
Following Royal Assent to the Criminal Justice and Immigration Act today, the privacy watchdog has been granted new powers to impose substantial fines on firms that deliberately or recklessly commit serious breaches of the Data Protection Act.
David Smith, deputy information commissioner said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information."
“This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly."
Late last month, the House of Lords backed an amendment to the Criminal Justice and Immigration Bill, which if backed by the House of Commons would criminalise anyone who "intentionally or recklessly discloses information" or "repeatedly and negligently" allows information to be disclosed in breech of the law.
The Information Commissioner’s Office has repeatedly called for more effective sanctions against organisations that fail to live up to their responsibilities under the Data Protection Act.
Information Commissioner Richard Thomas recently revealed that he received reports of 94 security breaches during 2007 and urged businesses and the public sector to make data protection a key concern.
Last year the Information Commissioner called on UK chief executives to take the security of employees’ and customers’ personal information more seriously following a number of ‘unacceptable’ security breaches.