Lord Erroll: Data controllers must wake up to importance of data
Lose data and you go to jail
08 May 2008, Tom Young, Computing
Individuals who negligently disclose personal data could be jailed for up to two years under legislation voted through by the House of Lords last week.
A proposed addition to section 55 of the Data Protection Act (DPA) which also covers data controllers in the public sector would make it a criminal offence to lose personal information.
Lord Erroll, who voted on the amendments, said it would help prevent more breaches such as HM Revenue and Customs’ loss of 25 million families’ details.
“Data controllers need to wake up to the importance of personal data, whether in the public or the private sector,” he said.
A second amendment voted through which gives the Justice Secretary the power to increase the penalty for deliberately trading in personal data to a two-year prison sentence will also apply to those who negligently lose data.
The Justice Secretary would first have to consult with the Information Commissioner’s Office (ICO) and other “appropriate” bodies before the penalty is increased.
The amendments part of the Criminal Justice and Immigration Bill still need to be approved by the House of Commons, but Tory and Liberal Democrat support is expected to help see them through.
If passed, they will also remove specific exemptions from prosecution under the DPA for government departments and certain other Crown officials.
The Act will continue to be policed by the information commissioner. It is not yet clear what will constitute “intentionally, knowingly or recklessly disclosing personal data” as specified by the amendment, but ICO guidelines suggest incorrect data protection procedures and unencrypted devices might constitute offences.
An ICO spokeswoman said the office was disappointed at not being able to levy penalties directly for Section 55 offences as first proposed, but that the amendment was a step forward.
“We would have preferred the clause to remain unchanged, but we understand that the Justice Secretary will be able to introduce prison sentences if illegal activity continues,” she said.
Tory shadow home affairs minister James Brokenshire said he would welcome moves for “the reckless handling of personal data by government officials” to be made an offence.
Reader comments
© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
yet another un-needed law
If you took your office desk home with you and lost it somewhere, wouldn't that be a crime? Theft? Why do we need a new law for every new instance of misbehaviour when existing laws cover it well enough.
I do believe many more white collar folks need to do jail time. Let's face it, if some bloke had stolen an empty flash drive from one of the white collar boys, he'd be facing jail time. What's the difference who takes or who loses what they have taken. You are responsible for your own actions, and there should be even-handed consequences for all. Of course, I'll not live that long.
Posted by: Wandering 09 May 2008
Sharing responsibility for Data Protection
The seventh principle of the Data Protection Act is that: "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
IT professionals are already finding it tough to implement and maintain a plethora of IT solutions to address evolving data security threats. Vital projects are frequently competing for IT budget and resources.
In my experience organisational measures, such as the effective communication of policies and procedures and training of employees, have a greater potential to affect people's actual behaviour. Therefore better habits are acquired and risks truly minimised.
Automated solutions which ensure the timely distribution of new and revised policies and procedures, so that they are read, accepted and proved to be understood make policy compliance affordable for all organisations, however large and dispersed its workforce may be.
I think it is high time that all departments within every organisation recognise that data security is a shared responsibility, which demands a collective response, and dare I say, shared budget. In this way simple, yet effective cross-function interventions are less likely to be overlooked, as large IT project roll-outs take precedent.
Posted by: Dominic Saunders 21 May 2008
hahaha
Brilliant!!! If this law is active or comes into effect, it's going to be priceless. Not only are we scrutinised already by goverment policy, some of which don't officially exist, but now you can go to jail for loosing a laptop...deliberately?
What complete tosser thought of that one, they must have a goverment place dedicated to making silly ideas, oh yea, spin doctoring...lol
Now we all face jail, amongst the hardened criminals, murderers and those that stole your laptop in the first place...all because someone decided we are reponsible at every occasion.
I can see it now, sitting in the cell with the same guy that stole your laptop in the first place...that would be irony to the max
Posted by: Stephen 27 Jun 2008