The Information Commissioner’s Office (ICO) has claimed that new powers mean it is no longer a “toothless tiger”, and is pushing for prison sentences to be introduced for professional data thieves.
Speaking on the first day of the Infosecurity Europe conference in London on Tuesday, David Smith, ICO deputy commissioner, said that although the organisation had been granted new powers recently, it was keen for persistent and professional data thieves to be punished with jail sentences.
Smith identified groups including private investigators and internal employees who sell company data as targets for prison time. “Those who con information out of you, who work for you and/or sell information on the black market … all these are are criminal offences already but we argue they should be prison offences,” said Smith.
The ICO recently took part in a government consultation on the issue of prison sentences but said that the issue would have to be resolved by the new government.
“The government consulted us on this. That consultation finished in January and the government is still analysing the response to that consultation. Nothing will happen before the election and we will wait and see what happens,” he said.
However, the ICO’s plans to impose jail time on data thieves could face problems from potential cuts to public sector spending, with some of the parties hoping to scale back prison time for so-called minor crimes. The Liberal Democrats in particular oppose the building of new prisons. Writing in the Guardian last month, Liberal Democrat Shadow Home Secretary Chris Huhne said that prison was not the answer to curbing crime.
“Tories and Labour are pledging to send more people to prison for longer just because it sounds tough. Liberal Democrats would not build more prisons,” he wrote. “We are the only party brave enough to suggest that rigorous community sentences are more effective than short prison sentences.”
On the issue of the election and working with the future government, Smith said that data protection would continue to be a major issue for whichever party or parties got into power.
“We have a new government and I am a public servant so am not going to make any comment on that, “ he said. “All the parties mention things on information rights within their proposals and this will be an issue and is relevant to all parties whatever colour the government is – or if we have a multi-coloured government.”
Smith also reiterated that thanks to new powers – to levy a fine of up to £500,000 on organisations that fail to protect personal data – the ICO now has the ability to confound its critics. “We have got some more powers now and are no longer the toothless tiger or bulldog we have been described as,” he said.
But despite the new powers, Smith admitted that the ICO could be doing more to enforce its mandate. One audience member pointed out that, despite around 300,000 so-called “data controllers” being registered with ICO, only 900 incidents have been reported in the last two years.
“We don’t get as many reported as we would do if it was a mandatory scheme,” admitted Smith.
However there are plans to make some data breaches mandatory in the UK as part of a wider European directive. Telecoms companies will be required to report any data breaches and Smith indicated that this could be applied more generally in the future.
“Breach notification is currently voluntary but there is every prospect it will become a legal requirement,” he said. “The legislation is already there in the European directive and applies to telecommunications service providers. But within 18 months the UK will have to introduce breach notification legislation for ISPs and phone companies and other providers, and all the money is on that this will happen more generally too.”
But Smith also admitted that compulsory reporting of data incidents could also hamper the work of the ICO by flooding it with minor complaints which would provide less time to pursue the major incidents.
“If there is an obligation for all organisations to tell us about all breaches we will be swamped,” he said.
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…