PL&B UK E-news, Issue 73

1. Criminal penalty closer to becoming reality

The House of Lords adopted an amendment to the Criminal Justice and Immigration Bill at its third reading on 30 April that will, if adopted by the Commons, introduce a criminal penalty for disclosing personal information intentionally or recklessly.

The original amendment rejected by the Government was going to introduce a two-year prison sentence for buying or selling personal data.

The current amendment says: ‘A data controller must not intentionally or recklessly disclose information contained in personal data to another person, repeatedly and negligently allow information to be contained in personal data to be disclosed, or intentionally or recklessly fail to comply with [their] duties.’

The media has voiced its concerns over press freedom and freedom of speech. The Information Commissioner has addressed these concerns by stressing the public interest defence. He will also be publishing a Statement of Prosecution Policy, which very clearly recognises the importance of freedom of the press.

2. Consultation on data matching code finishes 30.5.08

The Audit Commission acquired a new statutory power in the Serious Crime Act 2007 to conduct data matching exercises for the prevention and detection of fraud, and is now preparing a Code of Practice on data matching, the consultation on which closes on 30 May.

The purpose of this Code is to help ensure that the Audit Commission and its staff, auditors and all persons and bodies involved in data matching exercises comply with the law, especially the provisions of the Data Protection Act 1998, and to promote good practice in data matching. It includes guidance on the notification process for letting individuals know why their data is matched and by whom, the standards that apply and where to find further information.

See the Audit Commission Draft Code

3. HMRC disciplined 192 staff over data breaches last year

In 2007, HM Revenue and Customs (HMRC) had to discipline or dismiss 192 of its workforce of 90,000 people. The incidents involved inappropriate access to personal or sensitive data.

Replying to a Parliamentary question on 30 April, the Treasury Financial Secretary, Jane Kennedy, revealed that 238 staff were disciplined at HMRC in 2005, and 180 in 2006. Kennedy also stated that since 2005, HMRC has had to report 11 data-security breaches to the Information Commissioner.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2008