In the United Kingdom there is an Act of Parliament that seeks to protect the personal data of its citizens, it is the Data Protection Act 1998 (DPA).

The enforcer of the Act is the Information Commissioner’s Office (ICO). The ICO also has responsibility for other Acts of Parliaments, specifically the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

Within the Data protection Act, anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  1.  Fairly and lawfully processed
  2.  Processed for limited purposes
  3.  Adequate, relevant and not excessive
  4.  Accurate and up to date
  5.  Not kept for longer than is necessary
  6.  Processed in line with your rights
  7.  Secure
  8.  Not transferred to other countries without adequate protection

The Justice Committee has recently produced a report on referral fees and the theft of personal data and concluded that the fines for breaching the Data protection Act needed to be tougher.

Sir Alan Beith, the Chair of the Justice Committee said:

“Using deception to obtain personal information – sometimes known as blagging – or selling it on without permission are serious offences that can cause great harm.

Fines are used to punish breaches of data protection laws, but they provide little deterrent when the financial gain exceeds the penalty.

“Magistrates and Judges need to be able to hand out custodial sentences when serious misuses of personal information come to light. Parliament has provided that power, but Ministers have not yet brought it into force – they must do so.”

Report on the Potential misuses of personal data
Potential misuses of personal data are also not being fully investigated, the MPs warn, because the Information Commissioner does not have the power to compel private sector organisations to undergo information audits. If the Commissioner had been able to compel audits of insurance companies and personal injury lawyers the issues around referral fees might have been identified and tackled sooner.

Sir Alan Beith MP added:

“The Information Commissioner’s lack of inspection power is limiting his ability to identify problems or investigate potential data abuses.

Ministers must examine how to enable the Commissioner to investigate properly without increasing the regulatory burden on business or the public sector.”

Report on Referral fees
The committee welcomes the Government’s commitment to ban referral fees in personal injury cases. The MPs call on Ministers to take into account the fact that referral fees reward a range of illegal behaviour. The report concludes that banning referral fees, together with custodial sentences for breaches of Section 55 of the Data Protection Act, would increase the deterrent and reduce the financial incentives for such offences.

Case studies quoted in the Justice Committee Report:

  1. In one case, a nurse was providing patient details to her partner who worked for an accident management company. A fine was imposed of £150 per offence, but accident management companies pay up to £900 for on client’s details.
  2. A woman whose husband had been jailed for sexual assault accessed the bank account details of the victim. The woman attempted to monitor the victim’s spending and social activities but was only fined £100 per offence.

Information Commissioner, Christopher Graham said:

“The Government should lose no more time in bringing in appropriate deterrent sentences to combat the unlawful trade in personal data. Lord Justice Leveson’s Inquiry into press standards should not be used as an excuse for inaction. The Ministry of Justice still has not given a response to the previous administration’s public consultation of two years ago. We need action, not more words. Citizens are being denied the protection they are entitled to expect from the Data Protection Act.

“We shouldn’t have to wait a further year for the 2008 legislation to be commenced when today’s highly profitable trade in our data has little if anything to do with the press.

“The Commissioner recently called for stronger powers of audit. The ICO is building a business case for the extension of Assessment Notice powers to parts of the private sector such as motor insurance and financial services as well as to the NHS and local government.

“I welcome the support of the Justice Committee”