Organisations that deliberately or recklessly commit serious breaches of the Data Protection Act can now be fined by the Information Commissioner's Office (ICO) following Royal Assent to the Criminal Justice and Immigration Act today.
David Smith, deputy information commissioner, said, "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people's personal information."
Earlier, the ICO had called for jail terms for individuals and organisations that deliberately disclosed or traded in private information.
"The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously," Smith said.
Smith said the ICO would not be able to punish the worst breaches of the Data Protection Act. "Tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly," he said.
He said cross-party support shown in the passage of the act showed a growing consensus on importance of effective data protection.