The House of Commons Justice Committee has today released a report into the protection of public data. The report is a good summary of the state of play and, in particular, of developments since the Chancellor announced to Parliament in November last year that HMRC had lost confidential records affecting 25 million UK citizens.
The report recommends a data breach notification law, criminal penalties for data controllers who are responsible for reckless or repeated security breaches and greater powers and resources for the Information Commissioner's Office. Currently, the Information Commissioner receives roughly £10 million each year to conduct all of his data protection activities.
These recommendations echo those made by the House of Lords Science and Technology Committee in August 2007, recommendations that the Government rejected almost entirely. Perhaps the public outcry following the HMRC data security breach will help Government think again.
Today's report is explicit about the real risks associated with big databases containing personal data that are open to large numbers of licensed users, and mentions the children's database ContactPoint, as well as the planned National Identity Register. It also notes further risks associated with obligations to share data with EU member states:
"If data held by the Government is available for inspection outside the jurisdiction, then the importance of restricting the amount of data held, as well as proper policing of who had access to it, takes on even greater importance."