Companies could be hit by much heftier fines for breaches of the Data Protection Act – with some individuals even facing jail – according to justice and civil liberties minister Simon Hughes.
Speaking at an Information Commissioner’s Office conference, Hughes confirmed that the Coalition is planning a major overhaul of the regulator’s powers.
He said: “Priorities include strengthening individuals’ information rights and guaranteeing the effective enforcement of these rights.
“We are committed to guaranteeing that the ICO has sufficient powers to enforce compliance amongst organisations and to punish those who commit serious breaches of the Data Protection Act.
“That is why in the last few weeks we have begun to review the sanctions available for breaches of the Act so we can decide whether to increase the penalties as the law permits.”
In 2010, the maximum penalty that Ofcom could issue for silent and abandoned calls was increased from £50,000 to £2m. In May 2011, a maximum penalty of £500,000 was introduced to allow the ICO to issue higher penalties in relation to unsolicited calls and texts under the Privacy & Electronic Communications Regulation (PECR).
Hughes said: “We are positively considering a proposal by the Information Commissioner to lower the threshold at which he can issue civil monetary penalties for breaches of PECR, from the very high bar of proving substantial damage and distress, to a lower bar of irritation and nuisance.”
Hughes has already praised Christopher Graham for “arguing eloquently for the introduction of custodial penalties for serious misuse of personal data”, leading many commentators to claim it is a “done deal”.
And he said the Government had also conducted a consultation on extending the ICO’s powers of compulsory audits of NHS bodies. “This requires secondary legislation which we plan to introduce before the summer recess so that the power can come into effect by the autumn.
“We will work closely with the ICO to monitor the effectiveness of these powers, before considering whether we might extend them to other sectors that process large amounts of personal data in their day-to-day business.”