Further calls for custodial sentencing for data breaches


A probation officer who disclosed a domestic abuse victims details to the alleged abuser has been fined £150 and ordered to pay court costs. Compare this to the fine of £300,000 that Tesco received for ‘false and misleading’ strawberry pricing, and it becomes very apparent just how inconsequential a fine of £150 actually is.

We have warned about lax attitudes to data protection in the past, highlighting the shockingly low reprimand and dismissal rate for data breaches. The fact that only a tiny fraction of staff are disciplined brings into question how seriously managers take protecting the privacy of their users and local residents.

Our reports on data breaches and the use of private investigators, as well as our submissions to the Leveson Inquiry and Joint Committee on the draft Communications Data Bill, have all called for the government to introduce custodial sentences for those found guilty of an offence under section 55, where personal data is obtained or accessed unlawfully. This stance is echoed by the Information Commissioner’s Office, the Home Affairs Select Committee, Lord Leveson, the Joint Committee on the draft Communications Data Bill and the Justice Select Committee.

In this case, the probation officer claimed that she handed over the victim’s full name, new address and date of birth, along with information about the investigating officer, as she believed that the suspect already knew all of this information. Her defence was that she wanted to avoid a case of mistaken identity. What is most concerning, is that this incident led to the victim to sever all contact from the police and other services involved after losing faith in the authorities. As a result, the investigation into the alleged perpetrator was dropped.

Data breaches can have irreparable and life changing consequences with the case showing that this was not just a breach of the Data Protection Act, but it also led to a police investigation of alleged domestic abuse being dropped. We call on the government to act to introduce tougher penalties for individuals who illegally access and disclose personal information. Without much tougher penalties that are enforced by the courts, this will certainly not be the last serious data breach that comes to light.