Do We Need Stronger Sentences For Data Theft?
The recent case of a woman being fined just £1000 for the illegal selling of 28,000 customer records has led to renewed calls from the UK’s Information Commissioner (ICO) Christopher Graham for custodial sentences for data theft.
As things stand now UK courts can issue unlimited fines but not custodial sentences.
Why The Renewed Push?
Since taking over the ICO chief’s job 7 years ago Christopher Graham has been campaigning for jail sentences of up to 2 years for rogue company employees who illegally sell confidential information. The recent case of Enterprise Rent-A-Car Sindy Nagra, 42, from Hayes has however brought the issue of data theft sentencing back into sharp focus.
Nagra, who worked from home as administrative assistant, had photographed the records of almost 28,000 customers while they were on her computer screen. The details were of customers who had been involved in road traffic collisions, and Nagra was therefore able to sell the details to accident claims companies for £5,000.
Although Nagra pleaded guilty to unlawfully obtaining, disclosing and selling personal data, a criminal offence under section 55 of the Data Protection Act, besides losing her job she was only fined £100 victim surcharge and £864.40 prosecution costs.
For the ICO and other commentators this case has demonstrated how limited the UK courts are in being able to effectively deter and punish data criminals.
What About The Buyer?
In this case, even though the buyer of the illegal data (Iheanyi Ihediwa from Manchester), was caught and pleaded guilty to section 55 offences, he also was only fined £1,000, ordered to pay prosecution costs of £864.40 and a victim surcharge.
Prison Terms Needed Now Argues ICO
In a time where data theft is becoming so prevalent and is affecting more and more people plus where governments are making more noises about taking a harder line on cyber / data crime, the ICO argue that greater powers are needed by the courts now.