The Department for Constitutional Affairs has published a Public Consultation:
Increasing penalties for deliberate and wilful misuse of personal data [CP 9/06]
This paper sets out for consultation proposals to amend the Data Protection Act to allow for custodial sanctions for those convicted of offences under section 55 of the Act. The consultation is aimed at the general public and relevant organisations in the UK.
Consultation begins on 24 July 2006
Consultation ends on 30 October 2006
Download the consultation document (.pdf 34 pages)
Essentially the plan appears to be to raise the the current penalty of a fine, to a possible sentence of up to 2 years in prison.
The 2 year maximum penalty is not sufficient to make these offences Extraditable ones. Where is the "deterrence" to foreign based "phishing" criminals, or, for example, to the abusers of call centres, where UK companies have outsourced them overseas ?
Surely the the penalty should be at least 5 years, so as to make the offence fall withion the remit of the Serious Organsied Crime Agency, and to allow for the use of the Regulation of Investigatory Powers Act definition of a Serious Crime (the likleyhood of a first time offender getting a custiodial sentence of 3 years or more) ?
The DCA does not seem to be planning to change the "good faith" defence already in the current legislation.
We are very suspicious that the consultation paper mentions "selling details to journalists", but makes no attempt to strengthen the public's confidence and trust in civil servants, the police and other State employees or sub-contractors.
There should be higher criminal penalties, e.g. 10 years in prison, explicitly set out, to punish petty officials who exceed their authority in demanding or sharing our private data, even if they do not sell it for a profit.
Such abuse by petty officials should be treated as seriously as, for example, counterfeit currency offennces, for the same reason i..e. not so much any actual financial gain, but the matter of bringing the whole system into disrepute, and endangering the wider public trust and confidence in the system as a whole.
There is an utterly ridiculous and laughable "Partial Regulatiory Impact Assessment":
However, there have only been four DPA cases in the Crown Court in the last four years.
Overall potential cost increase
Taking all factors into account it is possible to reach an aggregated potential annual extra burden. Based on best and worst case scenarios the Legal Aid budget may increase by between £3,000 and £34,000. The best and worst case scenarios for prison and offender management expenditure lie between £5,500 and £35,800. If a single person were to receive a minimum sentence the aggregated total cost (legal aid plus custodial costs) in a best case scenario would
be £8,500. If a single person were to receive a maximum sentence in a worst case scenario the aggregated total cost would be £67,800. The potential future cost therefore lies between £4,000 (Legal Aid expenditure only and no custodial sentence) and £67,800 (maximum Legal Aid and maximum prison expenditure).
Who actually believes such figures, based on so few cases ?
The question that the DCA should be looking at is why has there been so little enforcement of the the existing Data Protection Act by the Office of the Information Commissioner ? One only has to look at all the internet bank "phishing" attacks or West African 419 advanced fee fraud scams to see that there should have been far more than 4 cases taken to the Crown Court.