British MPs call for prison sentences over data protection breaches


Summary: The latest report from the UK Parliament's justice select committee suggests that penalties for breaches of data protection law should be bolstered and include prison sentences for serious offences.


British politicians have called for increased penalties for those who break the Data Protection Act 1988, including greater fines and even prison sentences for serious breaches.

The ministers that sit on the UK parliament's justice select committee issued a report stating that the penalties at present are too lenient, and do not offer sufficient deterrent to those who financially gain from selling on information to advertisers or third-parties.

Members of the committee, who authored the report, want the Information Commissioner's Office to gain wider powers, and enable private sector organisations to undergo information audits.

Google recently underwent a privacy policy audit as part of the UK's investigation into the wireless data capturing controversy.

The Information Commissioner's Office, the UK's data protection agency, is tasked with ensuring the Data Protection Act 1988 -- which stems from the European Data Protection Directive -- is enforced by individuals, business and government.

The Information Commissioner, Christopher Graham, said in a press release: "I welcome the support of the Justice Committee", adding:

"The Ministry of Justice still has not given a response to the previous administration's public consultation of two years ago. We need action, not more words. Citizens are being denied the protection they are entitled to expect from the Data Protection Act."

"We shouldn't have to wait a further year for the 2008 legislation to be commenced when today's highly profitable trade in our data has little if anything to do with the press".

One consideration is the 'hidden laws' that many are unaware of.

In the case of colleges and universities outsourcing their students' data to the cloud, academic institutions either knew of the legal implications of laws such as the Patriot Act but let localised financial concerns outweigh them, or were entirely ignorant of external laws and the subsequent breaches of UK and European data protection laws.

Businesses and private companies alike could face prosecution if the laws are clarified, changed or amended, as recommended by Parliament's justice select committee, as in some cases data is taken outside of Europe without the data owner's consent.

The knock-on effect would be huge for the UK economy, but data loss and breach of protection laws could offset the balance nonetheless.


Topics: Data Centers, Data Management, Storage


Talkback

9 comments
  • RE: British MPs call for prison sentences over data protection breaches

    Who is responsible for the data though? The school? Or the cloud provider who actually, you know, has the data.

    Also, how do you imprison a company?
    Aerowind
    • RE: British MPs call for prison sentences over data protection breaches

      @Aerowind There is always a "data controller". See ZDNet's Patriot Act series -- can't link to it from here -- and look at Part 3, which will explain all.
      zwhittaker
    • How do you imprison a company?

      @Aerowind
      If it's a corporation, you imprison the responsible officers. Otherwise, you imprison the owner(s).
      John L. Ries
  • RE: British MPs call for prison sentences over data protection breaches

    http://snipurl.com/2dmzl7
    zhangxiaomei
  • Put Murdoch in jail

    since he is one of the biggest hackers on the planet.
    Reality Bites
    • Yes, no doubt

      @Reality Bites ... is there no racketeering law there, or CCE (continuing criminal enterprise) law?
      HollywoodDog
  • Real punishment

    Punishment of a person will not stop a company, they will just claim he/she was solely responsible and carry on as before. Fixed monetary fines are not fair as a small company will go bust for a minor breach and a multi national will just regard it as operating expenses. Proper punishment is a fine which is all or a large proportion of annual profits then the shareholders will make the company behave.
    misceng
    • Punishment of a person might not stop a company...

      @misceng
      ...but it will discourage employees from committing crimes on the company's behalf.

      Personally, I find dissolution or revocation of licenses, combined with forfeiture of assets, and imprisonment of the responsible officers an appealing punishment for corporations convicted of felonies.
      John L. Ries
  • RE: British MPs call for prison sentences over data protection breaches

    I love this. The government will have to lock itself up after hitting itself with MASSIVE fines because they are the BIGGEST source of unlawful data breaches that exist and are getting worse each year.
    Tholian_53