- Government proposes two year jail term for blagging
- No dramatic changes expected to ICO enforcement approach
- ICO takes enforcement action on unsolicited faxes
1. Government proposes two year jail term for blagging
Jail sentences for knowingly or recklessly obtaining, disclosing, or selling personal data could kick in as early as April 2010. The Government consultation, launched on 15 October, seeks views on the length of the custodial sentences, currently proposed to be a year’s imprisonment on summary conviction (conviction in a Magistrates’ Court, or in Scotland a Sheriff Court sitting without a jury, and/or a fine of up to £5,000) and two years on conviction on indictment (conviction in a Crown Court, or in Scotland either before a sheriff and jury or in the High Court, and/or an unlimited fine).
The Government notes that an advertisement indicating that personal data may be available for sale constitutes an offer to sell data.
It is unlikely that employees who mistakenly release information to “blaggers” would be guilty of an offence.
Subject to support for the custodial sentence, the Government also proposes a new public interest defence under section 55 relating to the purposes of journalism, art and literature.
The Government indicates that the ICO’s additional new powers, for example, monetary penalties and audits, will also enter into force in April.
The consultation runs until 07 January 2010. See http://www.justice.gov.uk/consultations/misuse-personal-data.htm
2. No dramatic changes expected to ICO enforcement approach
Christopher Graham, Information Commissioner, will aim to cooperate with organisations even when armed with stronger audit powers. Speaking at a data protection conference on 8 October, Graham said that any spot checks will involve the publication of results – but only after a Department’s response to ICO recommendations.
Although delighted with his new powers, the Commissioner will concentrate on raising awareness and education rather than fining organisations. The monetary fines that will be brought in under the Criminal Justice and Immigration Act 2008 are aimed to tackle serious breaches that have been committed knowingly, and have potential to cause damage or distress.
3. ICO takes enforcement action on unsolicited faxes
The Information Commissioner’s Office (ICO) has taken enforcement action against Ivor Cox, trading as Orion Forklift and Plant, following breaches of the Privacy and Electronic Communications Regulations (PECR). More than 1,700 complaints about the organisation were received by the Fax Preference Service (FPS).
Orion is now required to stop any unsolicited communications for direct marketing purposes within 35 days of the Enforcement Notice. This applies to people who have not provided their consent, have previously asked not to be called, or are registered with the FPS.
The ICO says that should the company fail to comply with the Enforcement Notice, they will not hesitate to take further action. Failure to comply would be a criminal offence and may lead to prosecution.
The Enforcement Notice, issued 24 September, is available at http://www.ico.gov.uk/
For further details on the Privacy Laws & Business UK Newsletter, please click here.
Copyright Privacy Laws & Business 2009