In an earlier blog i suggested that if a private company had lost the sort of data lost by various government bodies has recently, their directors could face prosecution. Well under a proposed addition to section 55 of the Data Protection Act, that is exactly what could happen.
If the proposed legeslation voted through the House of Lords, is voted through the House of Commons individuals negligently disclosing personal data could be jailed for upto 2 years. The Justice Secretary would have to consult with the Information Commissioner’s office and other appropriate bodies before the penalty could be increased, in the same way that the second amendment works for people that deliberately trade in personal data.
If passed the amendment will remove exemptions from prosecution for government departments and certain crown officials that currently exist.
It is not yet clear what will constitute neglect, but guidelines suggest incorrect data protection procedures or use of unencrypted devices might constitute offenses.
Lord Erroll said “Data controllers need to wake up to the importance of personal data, whether in the public or the private sector”, and tory shadow home affairs minister James Brokenshire is quoted as having said “reckless handling of personal data by government officials should be made an offence”.