Organisations that deliberately or recklessly commit
serious breaches of the Data Protection Act can now be fined by
theInformation
Commissioner's Office(ICO) following Royal
Assent to the Criminal Justice and Immigration Act
today.
David Smith, deputy information commissioner, said, "This change
in the law sends a very clear signal that data protection must be a
priority and that it is completely unacceptable to be cavalier with
people's personal information."
Earlier, the
ICO had called for jail terms for individuals and organisations
that deliberately disclosed or traded in private information.
"The prospect of substantial fines for deliberate or reckless
breaches of the Data Protection Principles will act as a strong
deterrent and help ensure that organisations take their data
protection obligations more seriously," Smith said.
Smith said the ICO would not be able to punish the worst
breaches of the Data Protection Act. "Tougher sanctions will help
to reassure individuals that data protection matters and give them
confidence that organisations have no choice but to handle personal
information properly," he said.
He said cross-party support shown in the passage of the act
showed a growing consensus on importance of effective data
protection.