Feeds

Only some data thieves face two-year prison threat

Paper files exempt

Next gen security for virtualised datacentres

The Government's planned two-year jail sentence for information thieves will not apply to people who steal or trade in personal information from most manual filing systems. Apart from some Government files, the penalties will only apply to electronic databases.

The Department of Constitutional Affairs (DCA) announced last week that it will introduce jail terms for information thieves and traders, following calls from the Information Commissioner to punish privacy breaches with jail time.

But the Information Commissioner's interpretation of a previous court ruling means the punishments will not apply to paper files. Michael Durant's was a landmark case in data protection, and part of that case involved paper-based, manual records systems.

"Following the Durant case the Information Commissioner said that most manual filing systems will not be covered by the Act," said Dr Chris Pounder, a privacy specialist at Pinsent Masons, the law firm behind OUT-LAW.COM.

"Manual records are not covered by section 55 DPA unless they are held in relevant filing systems," said a DCA spokeswoman. "Consequently, the new penalties will not apply to public authority manual files, but it should be noted that neither do the existing penalties."

The exclusion of most manual records systems was designed to alleviate the burden of cross referencing files in manual systems not designed for that purpose. Though it is easy to run a search for a person's name across a whole electronic database, it is much more difficult to find a reference to a person in an otherwise unrelated file without sophisticated cross referencing systems. Those sophisticated systems, known as relevant filing systems, are not exempt from the offences.

"If private data was taken from normal files this new offence wouldn't apply," said Pounder. This means that someone stealing or selling information from such systems would not be sent to jail under the just-announced rules.

"Some manual files are still protected, such as health, social work, housing and education records. Any other personal file, such as personnel records, are not," said Pounder.

The plans to jail offenders were announced last week by the DCA as amendments to the Data Protection Act (DPA). There is currently no jail term for the offences.

"People have a right to have their privacy protected from those who would deliberately misuse it and I believe the introduction of custodial penalties will be an effective deterrent to those who seek to procure or wilfully abuse personal data," said Lord Falconer, Secretary of State for Constitutional Affairs.

The penalties relate to an offence created by Section 55 of the DPA, which makes it an offence to sell or offer to sell personal data which has been obtained without the consent of the data controller.

"More than 300 journalists are implicated in this illegal activity," a spokesman for the Information Commissioner's Office (ICO) previously told OUT-LAW. "We have given them a clear warning that we will not hesitate to take action if they are suspected in future of committing offences."

"Information obtained improperly, very often by means of deception, can cause significant harm and distress to individuals," he said.

Earlier this year News of the World journalist Clive Goodman was jailed for intercepting mobile phone messages belonging to staff of the Royal Family. Goodman was jailed under the Regulation of Investigatory Powers Act (RIPA) in connection with the telephone interception, rather than the DPA, but Information Commissioner Thomas has said he wants any dealing in information to be punishable by a jail sentence.

The ICO's report, What Price Privacy Now?, revealed that most major newspapers had engaged in the buying of information from one raided investigations agency. The ICO published the names of the newspapers involved, and the list included broadsheet titles such as The Observer and The Sunday Times as well as red top tabloids.

Falconer said the new penalties were vital because data sharing is a major Government policy and people must feel their information is well protected.

"Greater data sharing within the public sector has the potential to be hugely beneficial to the public and is wholly compatible with proper respect for individuals' privacy," said Falconer. "One of the essential ways of maintaining that compatibility is to ensure the security and integrity of personal data once it has been shared."

The changes come following a consultation launched in July last year. That consultation proposed the two year jail sentences and closed last October. At the time, Falconer said the jail term would not apply to Government staff who make honest errors. He said the changes will not result in penalties for front-line public sector staff who, while sharing data for legitimate reasons, make an error of judgement.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

Information Commissioner names and shames newspapers, OUT-LAW News, 14/12/2006
Privacy chief demands stiff sentence for snooping journalists, OUT-LAW News, 30/11/2006
Government mulls prison terms for privacy breaches, OUT-LAW News, 24/07/2006

The essential guide to IT transformation

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.