The ICO Push For Prison Sentences For DPA Breaches

Yesterday the Information Commissioner Christopher Graham told the Justice Select Committee that serious breaches of the Data Protection Act (DPA) should warrant a prison sentence.

The call comes after the latest incident of an individual abusing their working position to obtain personal information. Sarah Langridge, a cashier at Barclays Bank, accessed the details of a sex attack victim; Mrs Langridge’s husband had been convicted of the offence. She stated she was trying to build up a picture of the woman who had accused her husband and accessed the victim’s bank account records on 8 separate occasions over the period in which her husband’s court case was ongoing. She accessed Mrs Langridge was fined £800 and made to pay £400 costs.

The Information Commissioner said about the case:

“The details of this case are truly shocking. The victim had a harrowing enough experience at the hands of her attacker; the revelation that her attacker’s wife was then rooting through all her personal details, for whatever purpose, would have caused even further distress”.

There has been a growing call for stronger punishments regarding breaches of the data protection act, especially in regards to individual’s personal information.

Graham continued “This crime has the potential to devastate ordinary people’s lives. The existing paltry fines are not enough to deter. It beggars belief that – in an age where our personal information is being stored and accessed by more organisations than ever – the penalties for seriously abusing the system still do not include the possibility of a prison sentence, even in the most serious cases.”

The Information Commissioner will push for changes in the law to introduce jail sentences for serious breaches of the DPA. Specifically, in regards to individuals, section 55 of the DPA states it is an offence to “knowingly or recklessly, without the consent of the data controller, obtain or disclose personal data.” Currently penalty is a maximum fine of £5,000 if a case is heard in a Magistrates Court and an unlimited fine in a Crown Court.

It seems inevitable that a change in the law in how DPA offences will be prosecuted. And, if you handle personal information in your business, you need to know how the DPA affects you; a breach of the DPA can happen accidently or unintentionally by the actions of staff. And the current level of punishment to businesses is far greater than to that of individuals, with the Information Commissioners Office having the power to fine up to £5000,000. Not to mention the brand damage and loss of business that can accompany a breach of the DPA.

IT Governance specialises in Data Protection and can help you and your business understand the requirements of the DPA. We offer a range of data protection information and tools including staff e-learning. You can read more about DPA compliance here >>>