ICO: Data thieves must face tougher punishments than fines
Information Commissioner calls for threat of prison sentences after rental car employee sells customer data
Criminals who steal people's personal data must face tougher punishments than small fines, according to the Information Commissioner's Office (ICO).
The data watchdog's renewed call for tougher punishments comes after a woman who sold 28,000 people's personal details to earn 5,000 was only fined 1,000 by a court.
Enterprise Rent-A-Car admin assistant Sindy Nagra, 42, from Hayes, sold the records for cash by photographing them on her computer screen while working from home.
Each customer had been involved in a road traffic collision, and details included those of the policyholder and their insurance claim.
Nagra pleaded guilty of breaching the Data Protection Act at Isleworth Crown Court, but despite being able to issue unlimited fines for the offence, on Friday the court only fined her 1,000, plus a 100 victim surcharge and 864.40 in prosecution costs.
Information Commissioner Christopher Graham said: "The fines that courts are issuing at the moment just don't do enough to discourage would-be data thieves.
"This fine highlights the limited options the courts have. Sindy Nagra got 5,000 in cash in return for stealing thousands of people's information. She lost her job when she was caught, and has no money to pay a fine, and the courts have to reflect that. But we'd like to see the courts given more options: suspended sentences, community service, and even prison in the most serious cases."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Currently courts cannot issue prison sentences for these kinds of criminal offences, and the person who purchased the records, Iheanyi Ihediwa, 39, from Manchester, was also only fined 1,000.
But Graham added: "With so much concern about the security of data, it is more important than ever that the courts have at their disposal more effective deterrent penalties than just fines.
"People who break the criminal law by trading in other people's personal information need to know that they will be severely punished and could even go to prison. Parliament voted for it to happen more than seven years ago but it remains on a Westminster backburner. It is high time that changed."