04/01/2008 - Headlines - Security
Data loss 'should be a criminal offence'
Officials in the public and private sectors should face criminal charges if they put people's data security at risk through carelessness or impropriety, an influential group of MPs said today. Managers should also be obliged to report losses of data and other breaches to the Government's information watchdog. The recommendations, in a report by the Justice Committee, could encounter fierce opposition from firms that deal with large amounts of personal information.
Fears over data security have been fuelled by a series of scandals, including the loss by HM Revenue and Customs of 25 million people's child benefit records.
The MPs warned that the massive HMRC breach was not an "isolated example", and there was evidence of a "widespread problem within Government relating to establishing systems for data protection and operating them adequately".
They urged Prime Minister Gordon Brown to rush through plans to give Information Commissioner Richard Thomas powers to carry out unannounced "spot checks" on procedures in firms and Whitehall departments.
The report also backed Mr Thomas's call for new laws which would punish those who put people's details at risk.
Custodial sanction
"There is currently no criminal offence of a data controller (such as a private business or a Government department) intentionally or recklessly disclosing personal information," the MPs wrote.
"Furthermore, the current criminal offences only cover individuals and non-Governmental bodies or organisations; Government departments or agencies cannot be held criminally responsible for data protection breaches."
A Ministry of Justice spokeswoman said: "The Government takes data protection seriously and welcomes the report of the Justice Committee.
"The Government identified the need to strengthen the UK's data protection framework before the HMRC data loss. It commissioned the Thomas/Walport Review in October 2007.
"Parliament is currently considering proposals to amend section 60 of the Data Protection Act through the Criminal Justice and Immigration Bill. This will provide a custodial sanction as well as the existing fines for those found guilty of unlawfully obtaining or disclosing personal data."

