MPs demand tougher data-breach sanctions
Kablenet.com
Published: 03 Jan 2008 14:45 GMT
A group of MPs wants to see tougher sanctions for government bodies that commit serious breaches of data-protection law.
A report published on 3 January, 2008 by the Commons Justice Committee also calls for new reporting requirements under the Data Protection Act (DPA), as well as greater enforcement powers and improved funding for the Information Commissioner's Office (ICO).
Under current law, neither government departments nor agencies can be held criminally responsible for data-protection breaches.
The committee took evidence from the information commissioner, Richard Thomas, and his deputy, David Smith, in the wake of the HM Revenue & Customs' loss of two CDs containing personal and banking data from 25 million child-benefit claimants.
Revelations of other failings by the government to protect personal data have since come to light. Thomas also told the committee that a number of other organisations, both public and private sector, had approached his office, almost "on a confessional basis", to seek guidance on their own data-security problems.
The committee says in its report: "We are gravely concerned that this incident is not an isolated example except, perhaps, in terms of the scale of its impact, both because of the number of people involved and the sensitivity of the data.
Sentry Posts Blog
Guarding the network
What you need to know and what you and your peers have to tell us about security management in our new community group blog
"The warning which [Richard Thomas] issued in the summer about the dangers of mishandling personal data and the extensive security lapses in a wide range of organisations has been proved correct."
The MPs also welcomed the government's pledge to give the information commissioner greater powers to carry out unannounced spot checks on government departments, saying: "We hope this change of heart will lead to powers quickly being provided through legislation."
But the report also acknowledges Thomas's need for greater resources to carry out such duties.
Thomas told the committee: "We cannot even do spot checks of government departments on a de facto basis without the resources to do it. We have to provide the entire data-protection activities of my office on a budget of £10m a year."
The MPs call for the same basic data controller registration fee of £35 which is paid by individuals, small businesses, large private companies and government bodies to be scrapped and replaced with a graduated rate. This, says the report, would be "more suited to providing an adequate income for the policing of data protection".
Did you find this article useful?
1 out of 1 people found this useful
- Share this article:
