The UK Ministry of Justice (MoJ) Home Affairs Committee published - on 6 July 2012 - its Report recommending tougher penalties under Section 55 of the Data Protection Act 1998 to deter 'unscrupulous private investigators who are the dealers in an illegal market in personal information'. The Report states that the current penalty - which is commonly a fine of around £100 - is 'derisory and simply not an effective deterrent.'
A representative from the Information Commissioner's Office (ICO) told DataGuidance that the ICO welcomes the proposed amendments, as it has continually called for tougher powers to prosecute individuals committing Section 55 offences. The Information Commissioner, Christopher Graham, stated: ''There is a need for a more appropriate range of deterrent punishments to be made available to the courts. The contrast is striking in the penalties for blagging under the Fraud Act on the one hand and under the Data Protection Act on the other. There must be no further delay in introducing tougher powers to enforce the Data Protection Act, otherwise unscrupulous individuals will continue to see a mere fine as a price worth paying.''
© 2013 Cecile Park Publishing Ltd. All rights reserved
Currently, breach of section 55 of the Data Protection Act is punishable only by a fine of up to £5000 in the Magistrates' Court and has no limit in the Crown Court. However, the Report stated that cases rarely reach the Crown Court and fines imposed so far have been very low, taking into account the defendant's means. The Report recommends Theresa May, the UK Home Secretary, exercise her power under Section 77 of the Criminal Justice and Immigration Act 2008 to strengthen these penalties.
As acquisition, storage and use of personal information is governed by both the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000, the Report also recommends that in the short term the offices of the Information Commissioner, the Chief Surveillance Commissioner and the Interception of Communications Commissioner be co-located, with a statutory requirement to cooperate in cases where both legislation applies. However in the longer term, it proposes that all three offices be merged into a single Office of the Information and Privacy Commissioner.