Advertisement
Promo

Security threats Toolkit

MPs demand tougher data-breach sanctions

Kablenet.com

Published: 03 Jan 2008 14:45 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A group of MPs wants to see tougher sanctions for government bodies that commit serious breaches of data-protection law.

A report published on 3 January, 2008 by the Commons Justice Committee also calls for new reporting requirements under the Data Protection Act (DPA), as well as greater enforcement powers and improved funding for the Information Commissioner's Office (ICO).

Under current law, neither government departments nor agencies can be held criminally responsible for data-protection breaches.

The committee took evidence from the information commissioner, Richard Thomas, and his deputy, David Smith, in the wake of the HM Revenue & Customs' loss of two CDs containing personal and banking data from 25 million child-benefit claimants.

Revelations of other failings by the government to protect personal data have since come to light. Thomas also told the committee that a number of other organisations, both public and private sector, had approached his office, almost "on a confessional basis", to seek guidance on their own data-security problems.

The committee says in its report: "We are gravely concerned that this incident is not an isolated example — except, perhaps, in terms of the scale of its impact, both because of the number of people involved and the sensitivity of the data.

Sentry Posts Blog

Sentry Posts Blog
Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more +

"The warning which [Richard Thomas] issued in the summer about the dangers of mishandling personal data and the extensive security lapses in a wide range of organisations has been proved correct."

The MPs also welcomed the government's pledge to give the information commissioner greater powers to carry out unannounced spot checks on government departments, saying: "We hope this change of heart will lead to powers quickly being provided through legislation."

But the report also acknowledges Thomas's need for greater resources to carry out such duties.

Thomas told the committee: "We cannot even do spot checks of government departments on a de facto basis without the resources to do it. We have to provide the entire data-protection activities of my office on a budget of £10m a year."

The MPs call for the same basic data controller registration fee of £35 — which is paid by individuals, small businesses, large private companies and government bodies — to be scrapped and replaced with a graduated rate. This, says the report, would be "more suited to providing an adequate income for the policing of data protection".

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
1 out of 1 people found this useful


Full Talkback thread

0 comments

Company/Topic Alerts

Create a new alert from the list below:








Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters