Members of Parliament on the House of Commons Justice Select Committee have called for courts in the United Kingdom to be given greater powers to imprison and fine individuals who breach the Data Protection Act (“DPA”). The Committee stated in its October 18, 2011 report that the current penalties for unlawfully obtaining personal data (under Section 55 of the DPA) are an inadequate deterrent, and urged the government to exercise its power to introduce prison sentences without delay. Although currently a magistrates’ court can issue fines of up to £5,000 for breaches of Section 55 (and the Crown Court can impose unlimited fines), in practice, penalties often are limited to only a few hundred pounds.

Commissioner Christopher Graham to the Committee earlier this year. In addition to calling for greater powers to imprison and fine violators, the report noted that personal data breaches were not being properly investigated because the Information Commissioner’s Office lacked sufficient powers to audit and investigate. The Committee has asked government to assess how the current audit system is working and consider whether the Information Commissioner should have the power to conduct compulsory audits of an organization’s data processing activities. “We are concerned that the Information Commissioner’s lack of inspection powers is limiting his ability to investigate, identify problems and prevent breaches of the Data Protection Act, particularly in the insurance and healthcare sectors,” the report stated.

Both the Committee and Christopher Graham agree that the issues raised in the report should be dealt with by Parliament, and that government should not wait for the outcome of Lord Justice Levesen’s inquiry regarding press ethics (launched in the wake of the recent phone hacking scandal) to expand the Information Commissioner’s powers. “We shouldn’t have to wait a further year for the 2008 legislation to be commenced when today’s highly profitable trade in our data has little if anything to do with the press,” said Christopher Graham.