Data breaches won't be criminal offences

ICO given stronger data protection powers

Lib-Dem's compromise gets data protection breaches on to the statute books

Written by Dinah Greek

Computeract!ve, 09 May 2008

Organisations found guilty of data breaches will not face criminal prosecution but could face huge fines.

An amendment to the Criminal Justice and Immigration Act, concerning data breaches, has been watered down but it still gives the Information Commissioner’s Office (ICO) stronger powers.

Initially, the amendment tabled by the Liberal Democrats (Lib-Dems) aimed to have serious data breaches made a criminal offence. It was passed by the Lords at the end of last month, despite Government opposition.

However, in order to stop the House of Commons overturning this decision and throwing out the amendment, it has been downgraded to make deliberate or reckless breaches of the Data Protection Act a civil offence instead.

A spokesman for the Lib-Dems said: “The original intention was to make these breaches a criminal offence. However, we may have had it thrown out in the Commons. The Government wanted to get the Act through and was making concessions.

"It was felt that if the only way of getting the amendment on the statute books was by making it a civil offence there was a need to compromise."

This new legislation, even though it is less than originally called for, does give the ICO stronger sanctions. Under existing legislation the ICO only has powers to issue an enforcement notice against organisations in breach of the Act. Now it has the power to impose substantial fines on organisations that are found guilty of these offences.

David Smith, Deputy Information Commissioner, said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information.

“The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.

“This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously, tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.

“The fact that strengthening the Data Protection Act has cross party support demonstrates the growing consensus on importance of effective data protection.”

Enjoyed this article? Help spread the word:

Comments

Reader comments for this story
Post your comment Post your comment   What is this?

Also read

Related articles

White papers

Related jobs

Most read

Most commented

Special Reports

Latest

Spotlight

Find a place in the sun with YP

May issue of Young Professional features a guide to living...

James Thompson, Ecosecurities CFO

Profile: James Thompson, CFO of Ecosecurities

James Thomspon couldn't have started his job at a worse...

Practice careers guide: big versus small

Is big really best or would working for a medium...

Find your next job

Find your next job
Salary Checker

Search white papers

Search white papers

Have your say

THE BIG QUESTION: IS YOUR JOB AT RISK?
Has the credit crunch made you fear for your job?
Yes, my company says jobs will go
Maybe, if things get worse, I could be hit
No, business is quite stable

Job of the week

More finance jobs...

Your next job