Feeds

Only some data thieves face two-year prison threat

Paper files exempt

Secure remote control for conventional and virtual desktops

The Government's planned two-year jail sentence for information thieves will not apply to people who steal or trade in personal information from most manual filing systems. Apart from some Government files, the penalties will only apply to electronic databases.

The Department of Constitutional Affairs (DCA) announced last week that it will introduce jail terms for information thieves and traders, following calls from the Information Commissioner to punish privacy breaches with jail time.

But the Information Commissioner's interpretation of a previous court ruling means the punishments will not apply to paper files. Michael Durant's was a landmark case in data protection, and part of that case involved paper-based, manual records systems.

"Following the Durant case the Information Commissioner said that most manual filing systems will not be covered by the Act," said Dr Chris Pounder, a privacy specialist at Pinsent Masons, the law firm behind OUT-LAW.COM.

"Manual records are not covered by section 55 DPA unless they are held in relevant filing systems," said a DCA spokeswoman. "Consequently, the new penalties will not apply to public authority manual files, but it should be noted that neither do the existing penalties."

The exclusion of most manual records systems was designed to alleviate the burden of cross referencing files in manual systems not designed for that purpose. Though it is easy to run a search for a person's name across a whole electronic database, it is much more difficult to find a reference to a person in an otherwise unrelated file without sophisticated cross referencing systems. Those sophisticated systems, known as relevant filing systems, are not exempt from the offences.

"If private data was taken from normal files this new offence wouldn't apply," said Pounder. This means that someone stealing or selling information from such systems would not be sent to jail under the just-announced rules.

"Some manual files are still protected, such as health, social work, housing and education records. Any other personal file, such as personnel records, are not," said Pounder.

The plans to jail offenders were announced last week by the DCA as amendments to the Data Protection Act (DPA). There is currently no jail term for the offences.

"People have a right to have their privacy protected from those who would deliberately misuse it and I believe the introduction of custodial penalties will be an effective deterrent to those who seek to procure or wilfully abuse personal data," said Lord Falconer, Secretary of State for Constitutional Affairs.

The penalties relate to an offence created by Section 55 of the DPA, which makes it an offence to sell or offer to sell personal data which has been obtained without the consent of the data controller.

"More than 300 journalists are implicated in this illegal activity," a spokesman for the Information Commissioner's Office (ICO) previously told OUT-LAW. "We have given them a clear warning that we will not hesitate to take action if they are suspected in future of committing offences."

"Information obtained improperly, very often by means of deception, can cause significant harm and distress to individuals," he said.

Earlier this year News of the World journalist Clive Goodman was jailed for intercepting mobile phone messages belonging to staff of the Royal Family. Goodman was jailed under the Regulation of Investigatory Powers Act (RIPA) in connection with the telephone interception, rather than the DPA, but Information Commissioner Thomas has said he wants any dealing in information to be punishable by a jail sentence.

The ICO's report, What Price Privacy Now?, revealed that most major newspapers had engaged in the buying of information from one raided investigations agency. The ICO published the names of the newspapers involved, and the list included broadsheet titles such as The Observer and The Sunday Times as well as red top tabloids.

Falconer said the new penalties were vital because data sharing is a major Government policy and people must feel their information is well protected.

"Greater data sharing within the public sector has the potential to be hugely beneficial to the public and is wholly compatible with proper respect for individuals' privacy," said Falconer. "One of the essential ways of maintaining that compatibility is to ensure the security and integrity of personal data once it has been shared."

The changes come following a consultation launched in July last year. That consultation proposed the two year jail sentences and closed last October. At the time, Falconer said the jail term would not apply to Government staff who make honest errors. He said the changes will not result in penalties for front-line public sector staff who, while sharing data for legitimate reasons, make an error of judgement.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

Information Commissioner names and shames newspapers, OUT-LAW News, 14/12/2006
Privacy chief demands stiff sentence for snooping journalists, OUT-LAW News, 30/11/2006
Government mulls prison terms for privacy breaches, OUT-LAW News, 24/07/2006

Choosing a cloud hosting partner with confidence

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
Stop ROBOT exploitation, cry striking Foxconn workers
HP downturn and automation eroding overtime on China's production lines
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.