Prison sentences for data crimes 'vital'

THE UK's data protection watchdog has called for prison sentences for people found guilty of serious misuse of confidential personal information.
By The Newsroom
Published 5th Sep 2009, 01:00 BST

Information Commissioner Christopher Graham, who took up his post in June this year, dismissed the penalties currently available to judges under the Data Protection Act (DPA) as "pathetic" and said that legislation could be tightened to give them the option of custodial sentences by April next year.

His comments came after a judge said it was "ridiculous" that he could impose only a 200 fine on a former British National Party activist who published the party's membership list on the internet, leading to complaints of harassment and threats.

Hide Ad
Hide Ad

Graham said that another case earlier this year, when his office shut down a company running an illegal blacklist of construction workers, had also led to only a small fine for those responsible.

The derisory penalties for breaches of the DPA meant that private investigators who illegally obtain personal details including ex-directory phone numbers, car registrations, addresses and police records can simply write off any resultant fines against expenses. "I think for the most blatant and reckless examples of people playing fast and loose with private information, a custodial sentence is certainly appropriate," Graham said.

"The DPA is supposed to safeguard confidential personal information, but the penalties in the Act are simply inappropriate for the activities going on.

"There is a lively trade in confidential personal data and if the only thing you are going to get as a private investigator is a pathetic fine in the magistrates' court and even the judge is embarrassed to impose it, it is simply not enough."

Graham said he was preparing a dossier to persuade ministers to activate measures in last year's Criminal Justice Act which could "close down" the trade in personal information by providing the option of jail sentences in the worst cases.

"There are private investigators out there who find it very easy to blag information from data controllers, who should know better, by ringing up and impersonating people," he said.