News & publications

MPs on the justice select committee have issued a report stating that current punishments for individuals who obtain and sell personal data are inadequate. At present, magistrates courts are able to impose fines of up to £5000 and crown courts are able to impose unlimited fines. In practice, however, the fines imposed are significantly lower - often in the region of £150 per offence - as courts must take into account the offender's ability to pay. The financial gain from a data protection breach is often significantly more than the penalty imposed. Information Commissioner, Christopher Graham, has long called for courts to have the power to impose custodial sentences and has welcomed the report.

 

The private sector knows about their obligations - but do they care?

 

The Information Commissioner's Office has reported that nearly three quarters of private sector companies know about their data protection obligations - up 26% from last year - and yet this increased awareness had failed to translate into improved data protection compliance. Data protection breaches in the private sector have increased by 58% in the last year. The Commissioner's annual survey covered 806 businesses, both from the private and public sectors. These results were accompanied by a second survey of 1,241 individuals which revealed that confidence in the protection and appropriate processing of personal data remains low amongst the British public with 59% saying that they had concerns about data handling.

Intellectual property infringers have data protection rights too

 

The European Data Protection Supervisor has told the European Commission that more work needs to be done to address data protection issues before the Commission can create a centralised database of intellectual property infringers. The Commission wants to create a database of actions taken by the customs authorities of Member States against fake or unlicensed goods. The database will contain personal data related to alleged offenders. The European Data Protection Supervisor has advised that further consideration needs to be given to the time limit for retention of the personal data, and who will have the right to access and modify the data.