Who is responsible for the data though? The school? Or the cloud provider who actually, you know, has the data.
Also, how do you imprison a company?
British politicians have called for increased penalties for those who break the Data Protection Act 1988, including greater fines and even prison sentences for serious breaches.
The ministers that sit on the UK parliament’s justice select committee issued a report stating that the penalties at present are too lenient, and do not offer sufficient deterrent to those who financially gain from selling on information to advertisers or third-parties.
Members of the committee, who authored the report, want the Information Commissioner’s Office to gain wider powers, and enable private sector organisations to undergo information audits.
Google recently underwent a privacy policy audit as part of the UK’s investigation into the wireless data capturing controversy.
The Information Commissioner’s Office, the UK’s data protection agency, is tasked with ensuring the Data Protection Act 1988 — which stems from the European Data Protection Directive — is enforced by individuals, business and government.
The Information Commissioner, Christopher Graham, said in a press release: “I welcome the support of the Justice Committee”, adding:
“The Ministry of Justice still has not given a response to the previous administration’s public consultation of two years ago. We need action, not more words. Citizens are being denied the protection they are entitled to expect from the Data Protection Act.”
“We shouldn’t have to wait a further year for the 2008 legislation to be commenced when today’s highly profitable trade in our data has little if anything to do with the press”.
One consideration is the ‘hidden laws’ that many are unaware of.
In the case of colleges and universities outsourcing their students’ data to the cloud, academic institutions either knew of the legal implications of laws such as the Patriot Act but were outweighed by localised financial concerns, or were entirely ignorant of external laws and their subsequent breaches under UK and European data protection laws.
Businesses and private companies alike could face prosecution if the laws are clarified, changed or amended, as recommended by Parliament’s justice select committee, as in some cases data is taken outside of Europe without the data owner’s consent.
The knock-on effect would be huge for the UK economy, but data loss and breach of protection laws could offset the balance nonetheless.
Related:
- Background: Safe Harbor: Why EU data needs ‘protecting’ from US law
- Microsoft admits Patriot Act can access EU-based cloud data
- How universities got it so wrong over Patriot Act outsourcing
- Google passes Street View audit, but ‘must improve’ privacy policies
- ZDNet UK: Facebook braces itself for data protection audit
