The information commissioner has called on the government to fight off attempts by certain sectors of the media to limit the courts' ability to jail people who deliberately disclose others' personal details.
Richard Thomas, the information commissioner, called on the government to retain Clause 76 of the Criminal Justice and Immigration Bill, which is currently going through parliament. Clause 76 would let courts jail anyone convicted of the existing offences of buying or selling personal data.
Thomas said, "There have been powerful last-ditch efforts to get Clause 76 removed from the Bill. [On the other hand] there has been widespread support for the government's decision to strengthen the law. If data protection is to be taken seriously, it is vital that the government and other parties should stand firm against any possible amendments."
Thomas said he was pleased that government was now taking data protection, and the need to prevent security breaches, more seriously.
He said, "This is the government's first legislative opportunity after recent data losses to demonstrate its seriousness in safeguarding people's personal information.
"If there is a change of heart on legislation aimed at deliberate security breaches, the government will find it hard to convince people that measures aimed at preventing data loss need to be taken seriously."
He noted concerns in some quarters of the media, but said responsible journalists have nothing to fear if they could show they were acting in the public interest.
Thomas called for a jail term for people convicted of disclosing or obtaining personal details without consent in his 2006 report to parliament, What Price Privacy? The proposals were modelled on the National Identity Cards Act 2006, which provides for up to two years' jail for anyone who illegally discloses information from the National Identity Register (NIR), even though the NIR will not contain individuals' sensitive health and financial details.
The information commissioner also published new guidance aimed at organisations that experience a security breach involving personal information. It highlights the importance of reporting breaches to the ICO, especially where large volumes of information or sensitive data that could harm the individuals are involved.