Information Commissioner Christopher Graham has demanded tougher new legislation to clamp down on the illegal trade in personal data, renewing his call for miscreants to be banged up in jail.
Giving evidence on the multimillion-pound trade to the Commons Home Affairs Committee, Graham said serious breaches of the Data Protection Act should carry a two-year prison sentence rather than a fine.
It is not the first time Graham has called for stiffer sentencing, but recent of cases of data theft, including those at Sony PlayStation Network, TripAdvisor and US firm Epilson have brought the issue to the fore. The committee is investigating the extent of mobile telephone tapping in the wake of the News of the World voicemail hacking scandal.
Graham was recently given the power to fine businesses in breach of the Act up to £500,000 but warned MPs that existing data protection law has become obsolete because of the way the Internet has evolved. He claimed changes were needed so offences are treated more seriously than the equivalent of “stealing office stationery”.
He told committee chairman Keith Vaz that illegal profits being made run into millions of pounds but added that the law on interception was drafted “for the wire tap age” and “we are now talking about the Internet, deep packet inspection and online behavioural advertising”.
Graham said existing law “is very, very unclear and very, very uneven” and the authorities were being forced to enforce “a patchwork regime for hacking and blagging and interception”.
Related stories:
PlayStation hack hits credit cards
Only 1% of data losses punished
Mothercare warns of spam attack