Do We Need Stronger Sentences For Data Theft?

The recent case of a woman being fined just £1000 for the illegal selling of 28,000 customer records has led to renewed calls from the UK’s Information Commissioner (ICO) Christopher Graham for custodial sentences for data theft. 

The Current Situation

As things stand now UK courts can issue unlimited fines but not custodial sentences.

This has long been a point of frustration for the Information Commission. In 2006 for example the then chief of the ICO, Richard Thomas said that low penalties only devalue data theft offences in the public mind and make them seem less serious.

The ICO’s campaign for more serious, custodial sentences go back even further to 2003 where a private investigator was found to have used deception to obtain the private details of individuals which he then sold to over 300 journalists (including the News of the World) but still escaped jail.

Why The Renewed Push?

Since taking over the ICO chief’s job 7 years ago Christopher Graham has been campaigning for jail sentences of up to 2 years for rogue company employees who illegally sell confidential information. The recent case of Enterprise Rent-A-Car Sindy Nagra, 42, from Hayes has however brought the issue of data theft sentencing back into sharp focus.

The Case

Nagra, who worked from home as administrative assistant, had photographed the records of almost 28,000 customers while they were on her computer screen. The details were of customers who had been involved in road traffic collisions, and Nagra was therefore able to sell the details to accident claims companies for £5,000.

Although Nagra pleaded guilty to unlawfully obtaining, disclosing and selling personal data, a criminal offence under section 55 of the Data Protection Act, besides losing her job she was only fined £100 victim surcharge and £864.40 prosecution costs.

For the ICO and other commentators this case has demonstrated how limited the UK courts are in being able to effectively deter and punish data criminals.

What About The Buyer?

In this case, even though the buyer of the illegal data (Iheanyi Ihediwa from Manchester), was caught and pleaded guilty to section 55 offences, he also was only fined £1,000, ordered to pay prosecution costs of £864.40 and a victim surcharge.

Prison Terms Needed Now Argues ICO

In a time where data theft is becoming so prevalent and is affecting more and more people plus where governments are making more noises about taking a harder line on cyber / data crime, the ICO argue that greater powers are needed by the courts now.

The ICO argues that tougher sentencing options have been on the “Westminster backburner” since Parliament voted for them to happen 7 years ago.