MPs call for jail sentences for data thieves

MPs have backed calls from information commissioner Christopher Graham for the government to introduce jail sentences for those found guilty of illegally accessing and passing on personal data.

Graham argued his case to the Justice Select Committee in September, claiming that it is ridiculous that those who breach the Data Protection Act (DPA) can still avoid prison.

"It beggars belief that, when more and more organisations have a right to our personal information, to access and process it, the courts do not have the full range of potential sentences to deal with an offence which can involve any of us," he said.

"This is not about celebrities' hospital appointments. This has the potential to wreck people's lives. Parliament cannot just sit back and watch this sort of thing happen."

The committee agreed with Graham's assessment, noting in its report that the current penalties for breaking section 55 of the DPA offer "no deterrent", and urged the government to introduce jail time for data thieves.

"We accept the information commissioner's argument that the issue of custodial sentences for section 55 offences is not exclusively, or even primarily, an issue relating to the media," the report said.

"The issue should be dealt with by parliament without waiting for the outcome of lord justice Leveson's inquiry. We urge the government to exercise its power to provide for custodial sentences without further delay."

Breaching section 55 of the DPA involves 'knowingly or recklessly, without the consent of the data controller, obtaining or disclosing personal data'. The maximum fine a magistrate can issue is £5,000, while a Crown Court can issue an unlimited fine.

The Information Commissioner's Office (ICO) recently highlighted a case in which an employee of Barclays Bank used her position to spy on the bank details of a customer who had accused her husband of a sex attack. In the end the employee was fined a paltry £800 by Brighton Magistrates' Court.