U.K. seeks tougher penalties for data loss

Under proposed new rules and legislation, organizations in the United Kingdom that lose people’s personal data could be hit with big fines, and government bodies could be subject to much stricter oversight of their efforts to protect such data.

The Information Commissioner’s Office (ICO) could fine organizations that display “deliberate or reckless loss of data,” according to proposed rules released Nov. 24. Central government departments and public authorities would also be subject to inspection without prior consent to ensure that they are complying with the Data Protection Act (DCA).

The actions come after several high-profile data losses for the U.K.'s government. In 2007, a database holding the records of 25 million people was copied onto several CDs and then lost in transit between government offices.

Then the records on all 84,000 prisoners in England and Wales were copied onto a USB thumb drive, which was lost.

Jack Straw, secretary of state for justice, said the proposals would strengthen ICO’s ability to enforce the DCA. “This is very important if we are to regain public confidence in the handling and sharing of personal information,” he said.

The rules would also:

* Require any individual to provide information necessary to determine DCA compliance.
* Impose a deadline and location for when and where that information would be produced.
* Publish guidance for when organizations should notify ICO about data breaches.
* Publish a statutory code of practice for sharing data.

In a related development, a bill recently introduced in Parliament would allow U.K. Information Commissioner Richard Thomas to implement some of the proposals by imposing fines on businesses for the "deliberate or reckless loss of data."

The legislation would also permit Thomas' office to spot-check central
government and local authorities for compliance with the DCA. It also calls for the U.K.'s information commissioner's office to publish rules on how and when organizations should notify it of data breaches.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected