Information Commissioner repeats call for tougher sentences for data thieves

Information Commissioner, Christopher Graham has repeated his call for tougher sentencing powers for people convicted of stealing personal data.

These comments arose following the sentence handed down by Isleworth Crown Court on 8 January 2016, to a defendant who had pleaded guilty to stealing and selling approximately 28,000 customers’ records for £5,000. For more information on data protection offences and available defences, see Practice note, Data Protection Act 1998: criminal enforcement

The prosecution by the ICO was instigated when the defendant’s employer, a hire car company, contacted the ICO after their systems identified that the defendant was looking at large number of records, including many that the defendant would not have been expected to process.

A further defendant was fined at Manchester magistrates’ court after pleading guilty to buying the stolen data.

The Commissioner expressed his view that the court should have a broader range of penalties at its disposal when sentencing data protection offences under section 55(1) Data Protection Act 1998, including custodial and suspended sentences and community service. The current maximum penalty is an unlimited fine.

He said:

“With so much concern about the security of data, it is more important than ever that the courts have at their disposal more effective deterrent penalties than just fines. People who break the criminal law by trading in other people’s personal information need to know that they will be severely punished and could even go to prison. We’ve been pushing for this for some time. Parliament voted for it to happen more than seven years ago but it remains on a Westminster backburner. It is high time that changed.”

The defendant at Isleworth Crown Court was sentenced to a fine of £1,000, and ordered to pay a £100 victim surcharge and £864.40 prosecution costs. The sentence that the court imposed will of course reflect the reduction for a guilty plea , the defendant’s record and any mitigation that was submitted. It is not clear that even if the option to impose a custodial sentence was in place at the time, that it would have been appropriate in this case.

Source: ICO: Information Commissioner repeats call for stronger sentences for data theives

Practical Law Morag Rea

Leave a Reply

Your email address will not be published. Required fields are marked *