U.K. seeks tougher penalties for data loss

Under proposed new rules and legislation, organizations in the United Kingdom that lose people’s personal data could be hit with big fines, and government bodies could be subject to much stricter oversight of their efforts to protect such data.

The Information Commissioner’s Office (ICO) could fine organizations that display “deliberate or reckless loss of data,” according to proposed rules released Nov. 24. Central government departments and public authorities would also be subject to inspection without prior consent to ensure that they are complying with the Data Protection Act (DCA).

The actions come after several high-profile data losses for the U.K.'s government. In 2007, a database holding the records of 25 million people was copied onto several CDs and then lost in transit between government offices.

Then the records on all 84,000 prisoners in England and Wales were copied onto a USB thumb drive, which was lost.

Jack Straw, secretary of state for justice, said the proposals would strengthen ICO’s ability to enforce the DCA. “This is very important if we are to regain public confidence in the handling and sharing of personal information,” he said.

The rules would also:

* Require any individual to provide information necessary to determine DCA compliance.
* Impose a deadline and location for when and where that information would be produced.
* Publish guidance for when organizations should notify ICO about data breaches.
* Publish a statutory code of practice for sharing data.

In a related development, a bill recently introduced in Parliament would allow U.K. Information Commissioner Richard Thomas to implement some of the proposals by imposing fines on businesses for the "deliberate or reckless loss of data."

The legislation would also permit Thomas' office to spot-check central government and local authorities for compliance with the DCA. It also calls for the U.K.'s information commissioner's office to publish rules on how and when organizations should notify it of data breaches.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

