Data Protection Act Consultation
The Department for Constitutional Affairs has published a Public Consultation on proposed custodial penalties for breaches of Section 55 of the Data Protection Act 1998 (unlawful obtaining of data). The main questions asked are "should the maximum fine be raised?" and "is a jail sentence of up to 2 years the right length?". Consultation begins on 24 July 2006. Consultation ends on 30 October 2006 Consultation Document PDF
Consultation Questions
Question 1
Do you agree that custodial penalties should be available to the court when sentencing those who wilfully abuse personal data (i.e knowingly or recklessly obtain, disclose or seek to procure the disclosure of such data without the consent of the data controller?) Please give reasons for your answer.
Answer 1
Please add text here, don't worry about it being perfect - other people will edit it as well.
Yes I do. Wilfully abusing personal data can have serious social, economic and emotional consequences. To give an example: if a person was convicted of a serious crime such as rape, served there sentence and had been a 'good, upstanding citizen' for many years and was settled into a community. For that information to become freely available could cause the loss social standing and possibly cause the person to have to move from the area, losing their job etc...
Absolutely. To my mind those entities that have a vested interest in abusing personal data will consider this from the perspective of business risk management and will balance the potential benefits, costs and risks associated with compliance with the DPA. The introduction of custodial sentences will add more weight to the scales in favour of those whom the DPA sets out to protect. There are parallels here (as Bruce Schneier discusses) with protection of identity, security in the financial services industry: if financial service providers, rather than the consumer, are liable for the financial losses associated with identity theft, security breaches etc then they will invest more to avoid those losses. There is also an awareness angle to this too: that the association of more significant penalties sends a message that abuse of personal is a serious issue and one that the public should take seriously too
Question 2
Do you agree that custodial penalties will be an effective deterrent to those who seek to procure or wilfully abuse personal data (i.e knowingly or recklessly obtain, disclose or seek to procure the disclosure of such data without the consent of the data controller?) Please give reasons for your answer.
Answer 2
Please add text here, don't worry about it being perfect - other people will edit it as well.
Yes but there should be no amnesties or exemptions for civil servants who disclose personal data without authority, in fact they should be liable to double term sentences to act as a deterrent.
Yes, with the proviso that it is not just about establishing: it's about visible enforcement.
Question 3(a)
Do you agree that the custodial penalties are of the right length?
Answer 3(a)
Please add text here, don't worry about it being perfect - other people will edit it as well.
As far as I understand it, the proposal is to introduce a sentence of 2 years. I think this maximum is too low
Question 3(b)
If not, why not, and what do you suggest should be the maximum custodial penalty available to the courts (a) on summary conviction and (b) on conviction on indictment?
Answer 3 (b)
Please add text here, don't worry about it being perfect - other people will edit it as well.
The potential for mass breaches and that the impact of breaches can be significant dependent on the scenario. There should be more discretion for the judiciary to set the sentence in line with the magnitude of the breach.
Question 4
Do you agree that a guideline issued by the Sentencing Guidelines Council is necessary for this offence in England and Wales?
Answer 4
Please add text here, don't worry about it being perfect - other people will edit it as well.
Yes. It is important that sentencing is consistent.
Links
- DCA consultation on increased penalties for information traders and journalists under the Data Protection Act Spy Blog
- Consultation Document PDF
- Ministerial statement announcing the consultation paper Baroness Ashton of Upholland (Parliamentary Under-Secretary, Department for Constitutional Affairs)Office
- ORG blog post
- Data Protection Safeguards