The Information Commissioner’s Office has called for significant improvements to data protection laws.
In response to a call for evidence from the Ministry of Justice, ICO said data protection frameworks needed to insist on a “more pragmatic approach to the regulation of international data flows”. It was addressing the UK’s Data Protection Act and a similar EU directive.
ICO reiterated calls for the introduction of jail sentences of up to two years for the worst offenders, after the request was turned down by former Labour justice secretary Jack Straw. The heaviest penalty at the moment is a £500,000 fine, which ICO has argued is not a strong enough deterrent in a number of cases.
While current data protection principles were essentially “sound”, there was room for “more clarity” on what constitutes personal data and when consent is needed to use data, ICO said.
There also needed to be a more modern framework to address changes in technology and the introduction of automated data processing systems, as well as the “changing nature of modern day business relationships” and how data protection roles are allocated differently from before within companies.
“The development of increasingly sophisticated information systems, mass information sharing and the online collection of personal information mean that data protection law is more relevant, and more needed, than ever,” ICO said in its response.
“We need to ensure that people have real protection for their personal information not just protection on paper" said David Smith, director of data protection at ICO.