This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy



SUMMER SALE - 20% off new publication subscriptions

ICO seeks criminal penalties, probes bank data breaches

The UK Information Commissioner's Office (ICO) is seeking criminal penalties for security breaches following the loss of personal data on up to 25 million individuals by HM Revenue & Customs, and is investigating the sale of personal financial details of individuals on the internet.

UK Information Commissioner, Richard Thomas, addressed the House of Commons Justice Committee on 4 December to press for additional powers he claims are required to crack down on data breaches. This includes prosecutions and the ability to carry out 'spot checks' on public and private sector organisations.

A spokesperson for the ICO confirmed that a variety of issues were discussed to encourage organisations to "take data protection seriously", including the possibility of a US-style reporting duty on UK organisations.

The ICO and the Metropolitan Police are investigating evidence provided by The Times newspaper on 30 November relating to more than 100 websites trafficking British bank account details, a fraudster offering to sell 30,000 British credit card numbers for less than £1 each and a British 'e-passport' for sale.

The Times reported on 3 December that it was able to download for free financial data relating to 32 people, including a High Court deputy judge. The data included private account numbers, PINs and security codes.

The investigation follows the recent loss of two computer discs containing the personal and financial details of up to 25 million individuals and 7.25 million families by HM Revenue & Customs - the biggest data security breach in British history.

The discs, which have yet to be recovered, went missing whilst being sent to the National Audit Office. The incident is now the subject of an independent review being carried out by Kieran Poynter of Pr icewater houseCoopers, taking into account the ongoing investigation being carried out by the Metropolitan Police into the breach. The initial findings are due to be reported by 14 December.

'It is ...important that the law is changed to make security breaches of this magnitude a criminal offence. At the moment I can take limited enforcement action, but making this a criminal offence would serve as a strong deterrent and would send a very strong signal that it is completely unacceptable to be cavalier with people's personal information', said Thomas in a statement following Prime Minister's questions on 21 November.

Search Journal Archives



Our publication archives contain all of our articles, dating back to 2004.
Canít find what you are looking for?
Try an Advanced Search

Log in to Data Protection Law & Policy
Subscribe to Data Protection Law & Policy
Register for a Free Trial to Data Protection Law & Policy
E-Law Alerts
Data Protection Law & Policy Pricing
The Insider Threat
Cookie Consent Guide - DataGuidance

Social Media

Follow Data Protection Law & Policy on TwitterView Data Protection Law & Policy LinkedIn ProfileData Protection Law & Policy RSS Feed