MPs call for tougher personal data abuse laws

Image caption, Data protection laws allow people to know what information is held on them

Courts should have the power to jail people who breach the Data Protection Act, MPs on the justice select committee have said.

They say fines - usually about 拢150 per breach - are an "inadequate" deterrent when the financial rewards for wrongdoing can be considerable.

Their report also warns the information commissioner lacks the powers to fully investigate personal data abuses.

The government said the issue of prison sentences would be kept under review.

'Great harm'

Sir Alan Beith, the Lib Dem chairman of the justice committee, said using deception to obtain personal information - known as blagging - or selling it on without permission, were "serious offences that can cause great harm".

"Magistrates and judges need to be able to hand out custodial sentences when serious misuses of personal information come to light," he said.

"Parliament has provided that power, but ministers have not yet brought it into force - they must do so."

The move would require the government to enact section 77 and 78 of the 2008 Criminal Justice and Immigration Act.

Currently, magistrates can impose fines of up to 拢5,000, and the crown court an unlimited fine. But, in practice, fines are much lower because judges have to take into account the defendant's ability to pay, the report says.

The report highlighted several cases in which the financial gain from data protection breaches had exceeded the penalty, including a nurse who passed on patient details to her partner who worked for an accident management company.

She was fined 拢150 per offence, but accident management companies pay up to 拢900 for a client's details.

It also noted a 2008 case in which two former British National Party members posted its membership list on the internet, after which a district judge at Nottingham Magistrates' Court said: "It came as a surprise to me, as it will to many members of the party, that to do something as foolish and criminally dangerous as you did will only incur a financial penalty."

Press behaviour

Information Commissioner Christopher Graham has long called for the courts to be given the power to impose custodial sentences, saying routine hacking and blagging of personal data by finance, debt collection and claims management firms was going untackled.

Last month, he said he feared any effort to increase the punishments would be delayed by the Leveson inquiry into press behaviour.

"The government should lose no more time in bringing in appropriate deterrent sentences to combat the unlawful trade in personal data," he said in reaction to the committee's report.

"We need action, not more words. Citizens are being denied the protection they are entitled to expect from the Data Protection Act."

Deputy Prime Minister Nick Clegg has suggested that jail sentences for people found guilty of "blagging" should be looked at in cases where information was clearly not obtained in the public interest.

Gordon Brown attempted to introduce prison terms of up to two years for the offence when he was in power but the law was never enacted amid concerns from newspaper bosses.

Daily Mail editor Paul Dacre said at the time that this would "have a truly chilling effect on good journalism".

The Ministry of Justice said it was keeping the issue "under review" and would study the committee's report with interest.

Data audits

The MPs' report also warned possible misuses of personal data were not being fully investigated because the information commissioner lacked sufficient powers.

Currently, he offers free data protection audits, but many organisations decline and not one insurance company has agreed to an audit, the report said.

Sir Alan urged ministers to examine how the commissioner could investigate cases of data abuse properly without increasing the regulatory burden on businesses.

The Data Protection Act 1998 gives people the right to know what information is held about them and to correct wrong information.

It also protects individuals' interests by obliging organisations to manage personal information appropriately.

The justice committee also welcomed the government's commitment to ban referral fees in personal injury compensation cases, which it said were a "powerful incentive" for organisations to pass on information without permission and encouraged unjustified claims.

But it said the ban should be extended to all referral fees paid by lawyers to third parties.