U.K. mulls prison sentences for data misuse

The maximum penalty for data misuse is set to become two years’ imprisonment, if new government plans come into effect.

The plan, which is now open to consultation, marks a toughening of the government’s stance on the issue, for which there is currently a maximum penalty of a £5,000 fine. The penalty relates to individuals found guilty in a court of law to obtaining, disclosing, or selling personal data, in a reckless and unlawful manner.

For those found guilty in a Crown Court, the maximum sentence will be two years in prison, and the maximum for Magistrates’ Court cases is 12 months. The courts will also be able to impose tougher fines or community sentences.

More from IT World Canada – Instant messaging accelerates data theft

The public consultation is open until 7 January 2010.

Last year, a British naval officer landed in hot water after he lost a laptop containing personal information on about 600,000 people.

Earlier this year, a report by U.K.-based security vendor that 88,000 FTP credentials, including those of Symantec and McAfee, were stolen by a Trojan, illustrated that enterprise data security is often neglected.

Michael Wills, justice minister, said that the reckless misuse of personal data was a “serious criminal offence”, and that the threat of prison sentences “would act as a strong deterrent”.

“We have been monitoring this illegal trade closely with the help of the Information Commissioner and as there is a great deal of concern about the protection of personal data we think the time has now come to consider a more robust penalty.”

The government insisted it did not want to restrict the freedom of the press. It will look at introducing additional measures to protect journalists obtaining information “in the public interest”, it said.

The Information Commissioner’s Office welcomed the news. A spokesperson said that the current fines were “paltry” and the penalty needed to be made tougher.

Jamie Cowper, EMEA marketing director at data encryption supplier PGP Corporation, added that the existing penalties acted as “no deterrent to professional data thieves who can potentially make ten to twenty times more than this by selling their ill gotten gains to the highest bidder”.