ICO calls for prison sentences for use of stolen data

He is calling for an effective deterrent to the "routine trashing of individuals' rights" under the Data Protection Act, according to according to Bloomberg.

The Information Commissioner's Office (ICO) proposed a two-year prison term in 2006 after investigating the sale of stolen personal data to journalists.

The then chief of the ICO, Richard Thomas, said that low penalties devalue the offence in the public mind and mask the seriousness of the crime, but lawmakers failed to act in the face of press opposition.

Newspapers claimed the move would stifle free speech, but Graham said the phone hacking scandal at News of the World should persuade the UK government to take action, he told Bloomberg.

Graham, who has pushed for a custodial sentence since taking office in 2009, said in an interview in London that the idea of sending journalists to jail for using stolen data may find more support following the phone-hacking scandal.

But most violations of the Data Protection Act are by employees who sell addresses, phone numbers and other personal information held by government agencies, telecommunications companies, financial institutions and health trusts, he said, and jail sentences should be introduced for those crimes as well.

Liz Fitzsimons, senior associate at international law firm Eversheds, said the ability to impose jail sentences on those guilty of the worst abuses of other people's privacy rights should be carefully reviewed again, alongside the current consultation on the penalty charge regime, to ensure there are truly effective deterrents to discourage such behaviour.

"This should not be simply because of the current News of the World issues, which may turn out to have been a historic practice rather than an ongoing issue, but because privacy abuses still appear to be widespread, with cases in the last year being reported in the health sector and telecoms sector too," she said.

The ICO's campaign for jail terms goes back to a 2003 probe into a private investigator who used deception to obtain the private details of targeted individuals.

The probe found that the private investigator had sold details to more than 300 journalists, including some at News of the World.

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?