Information Commissioner Richard Thomas is set to gain tougher powers, if new government proposals are approved by parliament.
The proposals would enable Thomas to impose fines directly on individual data controllers in businesses for “deliberate or reckless loss of data”, and spot-check central government and local authorities for compliance with the Data Protection Act.
The Information Commissioner’s Office would also be able to obtain warrants that oblige individuals to provide information on compliance with the Act by a set deadline.
Guidance, on how and when organisations should notify the Information Commissioner of data protection breaches, may be published by the ICO, as well as a data sharing code of practice.
Announcing the proposals, justice secretary Jack Straw said the new measures would improve transparency and accountability. "As new technologies have developed, the secure storage and careful sharing of personal information held by both the public and private sectors has become paramount,” he said.
The government said funding for the ICO would also improve. Under proposals organisations would pay on a tiered fee, according to their size, as opposed to the current fixed notification fee.
The proposals are the result of a review by Richard Thomas and Professor Mark Walport of medical research charity the Wellcome Trust in July.
The ICO told Computerworld UK it welcomed the new proposals, adding that "they send a strong signal that data protection must be taken seriously".