We are barely into 2014, yet we are faced with yet another serious data protection breach concerning a public sector computer. On this occasion, a police officer has been charged with stealing thousands of accident victims’ details from her police force’s computer and selling them to law firms
This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.
A court has heard that Sugra Hanif accessed Thames Valley Police’s command and control computer to note down the personal details of members of the public involved in road traffic accidents, including the unique reference number each incident was given.
Along with two others, she set up a case management company to sell this information to firms of solicitors who would pay them for a referral fee for each case that led to a successful compensation claim. Each referral fee was said to be between £600 and £800 with the trio earning a total of £36,400 from the 2,456 cases stolen over an eleven month period. However, it was estimated that if all the data stolen had been converted into referral fees, they could have earned more than £1 million.
Currently, unlawfully obtaining personal data is punishable by a fine of up to £5000 in a magistrate’s court, or an unlimited fine at a crown court. Many people will be shocked to learn that people who have been caught illegally accessing other people’s personal information will face such minimal penalties. We have consistently warned about the vulnerability of our personal information and we support the ICO in wanting to see stiffer penalties introduced for section 55 breaches.
The Information Commissioner, Christopher Graham has warned that “Public confidence in the security of information held about them is the foundation on which all sorts of online services and developments depends. The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that.”
It is hardly surprising people choose to ignore the law when the penalties handed down are trivial. It is essential that people who deliberately set out to acquire personal information without permission face the prospect of a jail sentence if people’s privacy is to be protected. Equally, the companies paying these individuals should not be able to turn a blind eye to the methods of collecting the data. They are paying for information and should face the full force of the law if they do not take steps to ensure it was legally acquired.
The Information Commissioner is absolutely right that tougher penalties are needed urgently and Parliament should not delay in giving him the powers he needs to protect our privacy.