Data losers face jail and fines, says Jack Straw
Organisations that lose data face cash fines, tougher
inspections and even jail, if
proposals
from Justice Secretary Jack Straw to strengthen the Information
Commissioner's Office (ICO) come into force.
Large companies that register as data collectors face a price
hike to £1000 from a new tiered fee structure, rather then the £35
flat fee they pay today. This would give the ICO more money to
enforce data protection legislation, even though some smaller firms
might pay nothing.
Straw's proposals come as the
Home Office launches a consultation on how best to roll out a
registration process for the controversial national identity card
that
Scotland rejected last week.
They follow the recent disclosure that
the government lost dozens of data storage devices, ranging
from laptops to mobile phones and USB memory sticks last year, as
well as the names and personal details of some 35 million
citizens.
The proposals will enable the ICO to:
• fine data controllers for deliberate or reckless loss of
data
• raid central government departments and public authorities to
check compliance with the Data Protection Act without always
requiring prior consent
• say when organisations should notify the ICO of breaches of
the data protection principles
• publish a statutory data sharing code of practice to provide
practical guidance on sharing personal data.
Data controllers are already at risk of criminal charges. Where
data controllers ignore an ICO enforcement notice, "They are
committing a criminal offence and the ICO is able to take
appropriate action to force compliance with legislation", the
government said in its response to the
Data
Sharing Review.
The review, by Mark Walport and ICO boss Richard Thomas, was
published in July. The government commissioned it following
the loss last year of the names and bank details of 25 million
benefits recipients by the HM Revenue & Customs and
more than 200 other data breaches, notably by the military.
Straw said the secure storage and "careful sharing" of personal
information has become paramount. "Strong regulation and clear
guidance is essential if we are to ensure the effective protection
of personal data," he said.
He said the proposed changes would strengthen the ICO's ability
to enforce the Data Protection Act and improve the transparency and
accountability of organisations dealing with personal information.
"This is very important if we are to regain public confidence in
the handling and sharing of personal information," he said.
Government's moves to shore up data protection
The government has already taken steps to shore up data
protection under its own roof. This follows recommendations
published in July by Mark Walport and ICO boss Richard Thomas as
part of a
review
of state data sharing arrangements.
In its
response to Walport and Thomas, the government said all
government departments had reviewed and improved training on data
handling, or are doing so.
HM Revenue & Customs, which last year lost two discs that
held the names and bank details of 25 million benefits recipients,
is training around 90,000 staff, it said.
"The NHS also launched a training programme on information risk
in May, which will be available for more than one million NHS
staff," it said.
The Cabinet Office and the National School for Government were
developing an e-learning training module for all central and local
government departments and government agencies. It would be
deployed in autumn, it said.