MPs have backed Information Commissioner Christopher Graham’s long-standing call that criminals who break data protection laws and obtain personal details by deception should face jail.
The Commons Justice Select Committee backed the move after Graham told them the current “paltry fines” were not enough.
In what will be seen as a red-letter day for the Commissioner, MPs also supported Graham’s call for private sector organisations to face “snap” information audits, saying such moves might have helped tackle the issues around the payment of referral fees sooner.
“We are concerned that the Information Commissioner’s lack of inspection power is limiting his ability to investigate, identify problems and prevent breaches of the Data Protection Act, particularly in the insurance and healthcare sectors,” the Committee said.
Committee chairman Sir Alan Beith said: “Using deception to obtain personal information – sometimes known as blagging – or selling it on without permission are serious offences that can cause great harm. Fines are used to punish breaches of data protection laws, but they provide little deterrent when the financial gain exceeds the penalty.
“Magistrates and judges need to be able to hand out custodial sentences when serious misuses of personal information come to light. Parliament has provided that power, but ministers have not yet brought it into force – they must do so.”
The move would require the Government to enact section 77 and 78 of the 2008 Criminal Justice and Immigration Act.
Currently, magistrates can impose fines of up to £5,000, and the Crown Court an unlimited fine. But, in practice, fines are much lower because judges have to take into account the defendant’s ability to pay, the report says.
Graham has long believed his powers are not adequate to deal with the seriousness of some offences. In March he reiterated his call for jail terms for offenders when giving evidence on the multimillion-pound trade to the Commons Home Affairs Committee. Graham said serious breaches of the Data Protection Act should carry a two-year prison sentence rather than a fine.
It was not the first time Graham had called for stiffer sentencing, but the recent of cases of data theft, including those at Sony PlayStation Network, TripAdvisor and US firm Epilson had brought the issue to the fore.
Related stories
Graham: ‘Bang up data thieves’
