The Data Protection Act 1998
The Data Protection Act 1998 governs the lawful processing of data and in section 55 prohibits the unlawful or reckless misuse of personal data.
The role of the Information Commissioner has been seen as promoting better processing of data in future. This is reflected in the powers that were originally given such as obtaining undertakings for better use.
Recently the Information Commissioner was given the ability to fine those in breach the Data Protection Act. There is now a consultation about the appropriate punishment for a breach of s55, when there is a knowing or reckless breach of the data protection principles, to include a custodial sentence.
The proposal is for a breach to be punishable by up to twelve months imprisonment on summary conviction or two years imprisonment on indictment. This would be an additional option for the courts over and above the current ability to impose a fine.
This is a consultation, which ends on 7 January 2010, and comments are being sought. It is likely that custodial sentences for breaches of s55 will be introduced. It shows a clear intent on the part of the government to improve protection of data and punish those that breach the data protection law.
If you have any questions regarding the issues raised in the article or the new regulations regarding defendant costs awards from central funds please contact Sarah Wallace on 0370 1500 100 or 020 7421 3883.