By Nick Heath, 12 May 2008 10:57
NEWS
Anyone who recklessly loses personal data will face a "substantial" fine after the government created a new civil offence.
In a victory for data loss law campaigners, MPs backed the amendment to the Criminal Justice and Immigration Act to make it an offence for anyone to "intentionally or recklessly disclose information" or "repeatedly and negligently" allow information to be disclosed.
The Information Commissioner's Office welcomed the powers and said it would be a strong deterrent against companies losing personal data.
It marks a major milestone in silicon.com's Full Disclosure campaign calling for legislation to make companies or authorities that lose personal data accountable.
silicon.com's Full Disclosure campaign - what we are asking for...
silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.
David Smith, deputy information commissioner, welcomed the laws, saying in a statement: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people's personal information.
"The prospect of substantial fines for deliberate or reckless breaches of the data protection principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously. "
Liberal Democrat Lady Miller won support of the House of Lords for the proposed amendment to make reckless data loss a criminal offence, but this was changed to a civil offence when the criminal justice bill was approved by the House of Commons on Wednesday.
Miller said: "Until now data controllers in both public and private sectors got off scot free even if they were totally negligent with people's personal data."
She added: "The negligent loss of private information should now be treated with the seriousness it deserves."
The issue of public data loss shot into the public eye with the HMRC's loss of 25 million people's details on two CDs, which sparked a host of revelations about missing data in government and business.
Comments
There are 5 comments. Join the discussion
1. anonymous
Whilst I agree in principle with the new legislation, this is just another example of the British Governments approach to policy - do as we say not as we do.
I would like to know what penalties departments like the HMRC etc., will face. This legislation smacks of typical political hypocrisy.
2. Karen Challinor
and if government departments lose our personal data as they have done several times in the last year alone ?
massive fines for the department concerned ?
raps on knuckles for senior civil servants maybe ?
harsh words spoken to ministers in the corridors of power perhaps ?
anything at all ?
didn't think so
3. Radical Meldrew
Will this inhibit those public departments that are presently charging to release their record details to 'interested parties'? I doubt it...... this government would never overlook a nice little earner and will always find some way of sidestepping their own rules.
4. Jason Goodwin
The news that the ICO is now able to fine organisations who are reckless with personal information is very welcome, and long overdue. The increasing incidences of lost data, both in the public and private sectors, have been well documented and we've known for some time that there is a desperate need for more stringent protection of customer data. The fines should ensure that organisations finally take the need for strengthened internal data infrastructures seriously and, hopefully, put a stop to the careless mistakes that are currently happening far too often.
5. anonymous
If the ICO fines a government department, they in effect fine the tax payer who was probably the victim too.
I favour fining/criminalizing individuals of a certain seniority by whom the breach should have been prevented (but was not necessarily directly committed) and treating the offence with a similar level of punishment to fraud.