The Ministry of Justice has once again dropped plans to increase penalties against those who recklessly or deliberately misuse personal information. As part of its response to the Data Sharing Review, the Ministry of Justice proposed enhanced powers for the Information Commissioner’s Office and new penalties for abuse of personal data. These were largely welcomed by all parties (with most debate around whether the penalties needed to go even further), and a public consultation was held last year to explore views on the subject.
However, last week Justice officials revealed to a CBI meeting that they do not intend to put legislation in front of Parliament before the election, citing insufficient time to do so. This seems odd, seeing as there is plenty of other legislation still going through (such as electoral reform), and it is important that the next government sends a strong message of commitment to building trust by pushing through penalties at the earliest opportunity.
As for the real reason for backing down on legislation? Well, a lot of articles refer to the likes of ‘data thieves’ and ‘hackers’ who abuse personal data. But they’re not the real problem here – the issue is the public authorities and private companies that simply cannot be bothered to set in place proper security and acceptable usage controls, and allow staff to run riot with personal data without any form of governance or oversight. And why would the government want to bring in tough new legislation just before an election when many of the greatest data culprits likely to attract the wrath of the ICO are its own officials? As Data Sharing Czar Sir Bonar Neville-Kingdom points out – “We cant jail data offenders. Through no fault of their own, some of the ‘offenders’ might be perfectly innocent Civil Servants!”