Even plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.
Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.
At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.
This is something that could and should be easily remedied. The powers to introduce prison sentences of up to three years for serious cases already exist, they just need to be used. By making this change the Government would show that it takes the privacy of its citizens seriously. It is a move that has been backed by the Information Commissioner’s Office, the Joint Committee on the Draft Communications Data Bill, Lord Leveson as well as the Home Affairs and Justice Select Committees.
The scale and regularity of data breaches make new, tougher sanctions even more necessary. In one case an ex-Barclays employee broke the Data Protection Act 23 times and was fined £2,990, this is just £130 per offence. In May it was revealed that officers and staff of the Metropolitan Police had been responsible for 300 serious data breaches.
Big Brother Watch has previously drawn attention to the scale of data protection issues in our reports Local Authority Data Loss and NHS Breaches of Data Protection Law. Once again we call on the Government to act to introduce stronger sanctions for individuals who illegally access and disclose personal information. Without much tougher penalties that can be enforced by the courts it would be irresponsible to even consider creating another database filled with extremely sensitive personal information.