Outlawed: Reckless loss of data

Anyone who recklessly loses personal data will face a "substantial" fine after the government created a new civil offence.

In a victory for data loss law campaigners, MPs backed the amendment to the Criminal Justice and Immigration Act to make it an offence for anyone to "intentionally or recklessly disclose information" or "repeatedly and negligently" allow information to be disclosed.

The Information Commissioner's Office welcomed the powers and said it would be a strong deterrent against companies losing personal data.

It marks a major milestone in silicon.com's Full Disclosure campaign calling for legislation to make companies or authorities that lose personal data accountable.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.

David Smith, deputy information commissioner, welcomed the laws, saying in a statement: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people's personal information.

"The prospect of substantial fines for deliberate or reckless breaches of the data protection principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously. "

Liberal Democrat Lady Miller won support of the House of Lords for the proposed amendment to make reckless data loss a criminal offence, but this was changed to a civil offence when the criminal justice bill was approved by the House of Commons on Wednesday.

Miller said: "Until now data controllers in both public and private sectors got off scot free even if they were totally negligent with people's personal data."

She added: "The negligent loss of private information should now be treated with the seriousness it deserves."

The issue of public data loss shot into the public eye with the HMRC's loss of 25 million people's details on two CDs, which sparked a host of revelations about missing data in government and business.