MPs make calls for stronger data controls

High profile incidents such as that at HMRC have lead to calls for stronger data legislation

A group of MPs is calling for stricter punishments and stronger legislation for data losses.

The calls follow high profile incidents late last year including the loss of sensitive computer discs by HMRC and a large number of driver details by the DVLA. Because of these incidents, which saw the loss of over 25m individuals' details, the Commons Justice Committee has called for new offences to be included in law, tighter controls over data handling, and heavier punishments for losses and breaches.

Following the HMRC (Her Majesty's Revenue and Customs) incident the Committee polled Richard Thomas, the information commissioner, on the state of data protection in the UK. Thomas told the group, "Recent security breaches—permitting the wrong people to access confidential information—provide a powerful illustration of the need to ensure that safeguards are achieved in practice. The roll call of banks, retailers, Government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."

In its report, the Committee recommends that a number of actions be taken to protect data and prevent losses. It suggests that the powers available to the Information Commissioners Office be strengthened – and adds that this is urgent, saying, "It is clearly important for the Information Commissioner to be given adequate support in order to carry out any wider role in connection with data protection which results from a change in the law. We note that [the Information Commissioner] already considers that his resources are at a minimum".

Once strengthened the ICO would be in a position to enforce the law more effectively, the Committee said, and ensure that firms had to reveal any data losses they have incurred as soon as possible.

It goes further too, suggesting that the Commissioner should have stronger enforcement powers. This would mean that any firms or organisations that repeatedly lose data, or mishandle it, would be subjected to much stronger laws and – ultimately - punishments.