ICO given stronger data protection powers

Lib-Dem's compromise gets data protection breaches on to the statute books

Organisations found guilty of data breaches will not face criminal prosecution but could face huge fines.

An amendment to the Criminal Justice and Immigration Act, concerning data breaches, has been watered down but it still gives the Information Commissioner’s Office (ICO) stronger powers.

Initially, the amendment tabled by the Liberal Democrats (Lib-Dems) aimed to have serious data breaches made a criminal offence. It was passed by the Lords at the end of last month, despite Government opposition.

However, in order to stop the House of Commons overturning this decision and throwing out the amendment, it has been downgraded to make deliberate or reckless breaches of the Data Protection Act a civil offence instead.

A spokesman for the Lib-Dems said: “The original intention was to make these breaches a criminal offence. However, we may have had it thrown out in the Commons. The Government wanted to get the Act through and was making concessions.

"It was felt that if the only way of getting the amendment on the statute books was by making it a civil offence there was a need to compromise."

This new legislation, even though it is less than originally called for, does give the ICO stronger sanctions. Under existing legislation the ICO only has powers to issue an enforcement notice against organisations in breach of the Act. Now it has the power to impose substantial fines on organisations that are found guilty of these offences.

David Smith, Deputy Information Commissioner, said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information.

“The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.

“This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously, tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.

“The fact that strengthening the Data Protection Act has cross party support demonstrates the growing consensus on importance of effective data protection.”