ICO urges government to jail data thieves

Information commissioner Christopher Graham has again urged the government to take a tougher stance on data thieves by giving magistrates the power to jail those found guilty of breaching section 55 of the Data Protection Act (DPA).

The call comes after the Information Commissioner's Office (ICO) revealed details of a case in which an employee of Barclays Bank, Sarah Langridge, used her position to spy on the bank details of a woman accusing her husband of a sex attack.

The woman in the case recognised Langridge in court during the trial and contacted the bank and the police over concerns that her account may have been accessed illegally.

Police found that Langridge had accessed the woman's account on eight occasions, which she claimed was to find more information about the woman accusing her husband of the attack.

Brighton Magistrates' Court fined Langridge £800 and ordered her to pay costs of £400 and a £15 victim's surcharge.

Graham maintained that the sentencing underlined a clear and urgent need for stronger penalties to be available to magistrates to prosecute personal data thieves.

"It beggars belief that, in an age where our personal information is being stored and accessed by more organisations than ever, the penalties for abusing the system still do not include the possibility of a prison sentence, even in the most serious cases," he said.

"I note the outcome of this latest case and I remain concerned that the courts are not able to impose the punishment to fit the crime in all cases, because the current penalty for this all too common offence is limited to a fine."

It is currently an offence under section 55 of the DPA to "knowingly or recklessly, without the consent of the data controller, obtain or disclose personal data". The maximum fine a magistrate can issue is £5,000, while a Crown Court can issue an unlimited fine.

Graham is to appear before the Justice Select Committee on Tuesday to make his case for jail time to deter data thieves, at a time when the number of allegations under section 55 have risen 18 per cent in 2010/11 compared with 2008/09.

The ICO also referred to several previous cases in which the regulator had successfully brought prosecutions against individuals that had resulted only in fines, such as two employees from T-Mobile selling data on customers to other businesses.

The calls echo statements made by Graham in August when he said that those guilty of phone hacking should face tougher sentences to give the DPA more authority.