The 2018 Data Protection Act (DPA) has not given the ICO the power to imprison people who breach it. The strongest penalties they can issue according to the DPA are fines, albeit very heavy ones.
However, last month the ICO used their powers in conjunction with the Computer Misuse Act (CMA), which resulted in a 6 month jail term for the offender.
The prosecuted person accessed and used (for personal gain) thousands of personal records without permission.
Usually this would have been prosecuted under the Data Protection Act, but in the first case of its kind, it seems that the ICO didn’t feel that the penalties available to it through the DPA were tough enough. They turned to the CMA, whose teeth are sharper.
This quote from Mike Shaw of the Criminal Investigations Team at the ICO explains:
“People who think it’s worth their while to obtain and disclose personal data without permission should think again.
Although this was a data protection issue, in this case we were able to prosecute beyond data protection laws resulting in a tougher penalty to reflect the nature of the criminal behaviour.
Members of the public and organisations can be assured that we will push the boundaries and use any tool at our disposal to protect their rights.
Data obtained in these circumstances is a valuable commodity, and there was evidence of customers receiving unwarranted calls . . .”
Not every case will be dealt with this way of course, however it is now more important than ever that your company and colleagues are aware of data protection laws, and follow them rigorously to protect the reputation of your company (and your employees out of prison!).
If you would like any specialist advice about how to handle data, or some training for your employees, please get in touch and we’ll be happy to help – 01673 885533.