Feeds

Only some data thieves face two-year prison threat

Paper files exempt

Top three mobile application threats

The Government's planned two-year jail sentence for information thieves will not apply to people who steal or trade in personal information from most manual filing systems. Apart from some Government files, the penalties will only apply to electronic databases.

The Department of Constitutional Affairs (DCA) announced last week that it will introduce jail terms for information thieves and traders, following calls from the Information Commissioner to punish privacy breaches with jail time.

But the Information Commissioner's interpretation of a previous court ruling means the punishments will not apply to paper files. Michael Durant's was a landmark case in data protection, and part of that case involved paper-based, manual records systems.

"Following the Durant case the Information Commissioner said that most manual filing systems will not be covered by the Act," said Dr Chris Pounder, a privacy specialist at Pinsent Masons, the law firm behind OUT-LAW.COM.

"Manual records are not covered by section 55 DPA unless they are held in relevant filing systems," said a DCA spokeswoman. "Consequently, the new penalties will not apply to public authority manual files, but it should be noted that neither do the existing penalties."

The exclusion of most manual records systems was designed to alleviate the burden of cross referencing files in manual systems not designed for that purpose. Though it is easy to run a search for a person's name across a whole electronic database, it is much more difficult to find a reference to a person in an otherwise unrelated file without sophisticated cross referencing systems. Those sophisticated systems, known as relevant filing systems, are not exempt from the offences.

"If private data was taken from normal files this new offence wouldn't apply," said Pounder. This means that someone stealing or selling information from such systems would not be sent to jail under the just-announced rules.

"Some manual files are still protected, such as health, social work, housing and education records. Any other personal file, such as personnel records, are not," said Pounder.

The plans to jail offenders were announced last week by the DCA as amendments to the Data Protection Act (DPA). There is currently no jail term for the offences.

"People have a right to have their privacy protected from those who would deliberately misuse it and I believe the introduction of custodial penalties will be an effective deterrent to those who seek to procure or wilfully abuse personal data," said Lord Falconer, Secretary of State for Constitutional Affairs.

The penalties relate to an offence created by Section 55 of the DPA, which makes it an offence to sell or offer to sell personal data which has been obtained without the consent of the data controller.

"More than 300 journalists are implicated in this illegal activity," a spokesman for the Information Commissioner's Office (ICO) previously told OUT-LAW. "We have given them a clear warning that we will not hesitate to take action if they are suspected in future of committing offences."

"Information obtained improperly, very often by means of deception, can cause significant harm and distress to individuals," he said.

Earlier this year News of the World journalist Clive Goodman was jailed for intercepting mobile phone messages belonging to staff of the Royal Family. Goodman was jailed under the Regulation of Investigatory Powers Act (RIPA) in connection with the telephone interception, rather than the DPA, but Information Commissioner Thomas has said he wants any dealing in information to be punishable by a jail sentence.

The ICO's report, What Price Privacy Now?, revealed that most major newspapers had engaged in the buying of information from one raided investigations agency. The ICO published the names of the newspapers involved, and the list included broadsheet titles such as The Observer and The Sunday Times as well as red top tabloids.

Falconer said the new penalties were vital because data sharing is a major Government policy and people must feel their information is well protected.

"Greater data sharing within the public sector has the potential to be hugely beneficial to the public and is wholly compatible with proper respect for individuals' privacy," said Falconer. "One of the essential ways of maintaining that compatibility is to ensure the security and integrity of personal data once it has been shared."

The changes come following a consultation launched in July last year. That consultation proposed the two year jail sentences and closed last October. At the time, Falconer said the jail term would not apply to Government staff who make honest errors. He said the changes will not result in penalties for front-line public sector staff who, while sharing data for legitimate reasons, make an error of judgement.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

Information Commissioner names and shames newspapers, OUT-LAW News, 14/12/2006
Privacy chief demands stiff sentence for snooping journalists, OUT-LAW News, 30/11/2006
Government mulls prison terms for privacy breaches, OUT-LAW News, 24/07/2006

Combat fraud and increase customer satisfaction

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
US Supreme Court supremo rakes Aereo lawman in oral arguments
Antenna-array content streamers: 'Ruling against us could dissipate the cloud'
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.