U.K. seeks tougher penalties for data loss

Under proposed new rules and legislation, organizations in the United Kingdom that lose people’s personal data could be hit with big fines, and government bodies could be subject to much stricter oversight of their efforts to protect such data.

The Information Commissioner’s Office (ICO) could fine organizations that display “deliberate or reckless loss of data,” according to proposed rules released Nov. 24. Central government departments and public authorities would also be subject to inspection without prior consent to ensure that they are complying with the Data Protection Act (DCA).

The actions come after several high-profile data losses for the U.K.'s government. In 2007, a database holding the records of 25 million people was copied onto several CDs and then lost in transit between government offices.

Then the records on all 84,000 prisoners in England and Wales were copied onto a USB thumb drive, which was lost.

Jack Straw, secretary of state for justice, said the proposals would strengthen ICO’s ability to enforce the DCA. “This is very important if we are to regain public confidence in the handling and sharing of personal information,” he said.

The rules would also:

* Require any individual to provide information necessary to determine DCA compliance.
* Impose a deadline and location for when and where that information would be produced.
* Publish guidance for when organizations should notify ICO about data breaches.
* Publish a statutory code of practice for sharing data.

In a related development, a bill recently introduced in Parliament would allow U.K. Information Commissioner Richard Thomas to implement some of the proposals by imposing fines on businesses for the "deliberate or reckless loss of data."

The legislation would also permit Thomas' office to spot-check central
government and local authorities for compliance with the DCA. It also calls for the U.K.'s information commissioner's office to publish rules on how and when organizations should notify it of data breaches.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.


  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.