MPs call for stronger data protection laws
And more cash for ICO
A committee of MPs has dismissed government denials that recent data losses were the result of individual failures and called for legislation to punish such reckless treatment of private data in future.
The Commons Justice Committee recommended the introduction of new offences so that a data controller could be charged for recklessly or intentionally disclosing, or obtaining, personal data.
The committee heard evidence from Information Commissioner Richard Thomas and others in the wake of the loss of 25 million private records by Her Majesty's Revenue and Customs.
MPs echoed fears raised by Thomas that there could well be further data breaches.
The committee also noted that government departments cannot currently be held responsible for data breaches.
The Commons Justice Committee said it hoped the government would increase inspection powers for the ICO so that it could carry out spot checks on government departments.
It also called for changes to how the Information Commissioner is funded. Currently, a basic fee of £35 is paid to register as a data controller regardless of the size or turnover of the business. The committee suggests a sliding scale of charges.
In conclusion, the select committee made three points: "There is evidence of a widespread problem within government relating to establishing systems for data protection and operating them adequately."
Secondly, "It is necessary to have a substantial increase in the powers given to the Information Commissioner to enable him to review systems for data protection and their application..."
Finally, the MPs noted the risks involved in wider information exchange between government departments: "The very real risks associated with greater sharing of personal data between government departments must be acknowledged in order for adequate safeguards to be put in place."
The justice committee page is here. ®
Spot on, Peter
There's no point *fining* any corporate entity for any breach of any rules. All they will do is pass on the fine/costs to the people who pay their wages (typically, Joe Public).
As Peter says, these rules won't work right until identifiable individuals can be held accountable - fined as individuals, or if necessary locked up. That should focus folks' attention. Pour encourager les autres, as they may (or may not) say in China where management occasionally receive the ultimate penalty for non-performance.
Martin Gregorie is entirely correct in his comments that the present laws simply need to be actually applied to Government agencies and bodies, because as usual they seem able to wriggle out of things and the Information Commissioner is a waste of time and effort as he does zilch about any complaint.
The only way to keep your data safe from government arrogance and stupidity is to keep it to yourself in the first place.
Personally I'd like to see a law that mandates that whenever a govt department loses someone's info, the senior managers are required to publish the corresponding info about themselves in the national press - at their expense, naturally.