A committee of MPs has dismissed government denials that recent data losses were the result of individual failures and called for legislation to punish such reckless treatment of private data in future.
The Commons Justice Committee recommended the introduction of new offences so that a data controller could be charged for recklessly or intentionally disclosing, or obtaining, personal data.
The committee heard evidence from Information Commissioner Richard Thomas and others in the wake of the loss of 25 million private records by Her Majesty's Revenue and Customs.
MPs echoed fears raised by Thomas that there could well be further data breaches.
The committee also noted that government departments cannot currently be held responsible for data breaches.
The Commons Justice Committee said it hoped the government would increase inspection powers for the ICO so that it could carry out spot checks on government departments.
It also called for changes to how the Information Commissioner is funded. Currently, a basic fee of £35 is paid to register as a data controller regardless of the size or turnover of the business. The committee suggests a sliding scale of charges.
In conclusion, the select committee made three points: "There is evidence of a widespread problem within government relating to establishing systems for data protection and operating them adequately."
Secondly, "It is necessary to have a substantial increase in the powers given to the Information Commissioner to enable him to review systems for data protection and their application..."
Finally, the MPs noted the risks involved in wider information exchange between government departments: "The very real risks associated with greater sharing of personal data between government departments must be acknowledged in order for adequate safeguards to be put in place."
The justice committee page is here. ®