MPs call for criminalisation of data loss
MPs have called for the mishandling of personal information to be made a criminal offence.
Written in the wake of the loss of 25 million child benefit records by HM Customs and Revenue, a House of Commons’ Justice Committee report calls for the Information Commissioner to be given new enforcement powers over protection of private data, and for the strengthening of criminal penalties for significant security breaches.
The committee says that it is extremely concerned that there are more cases involving personal data loss by government bodies or contractors which are still coming to light and that the Information Commissioner’s warning this summer about the danger of extensive security lapses in a wide range of organisations have been proved correct.
“There is evidence of a widespread problem within government relating to establishing systems for data protection and operating them adequately,” the committee says.
In addition to calling for the criminalisation of “significant security breaches, where reckless or repeated”, the committee also proposes new reporting requirements that would require companies to report data losses.
It also wants to see the rapid implementation of the new enforcement powers for the Information Commissioner to conduct unannounced spot checks on government department’s data systems, and “proper” resources for the Office of the Information Commissioner, which currently receives only £10 million per year.
“The scale of the data loss by government bodies and contractors is truly shocking but the evidence we have had points to further hidden problems,” says Alan Beith, the committee’s chairman. “It is frankly incredible, for example, that the measures HMRC has put in place were not already standard procedure.”
He said that introducing criminal sanctions may help to concentrate minds. “Clearly, criminal sanctions are not the only ones you want to use. But perhaps the issue would be taken more seriously if there was a criminal offence at the end of the line.”
He added that the committee will continue to monitor the situation closely “to ensure that effective action is taken to protect information which is the property of members of the public”.