January 03, 2008 | Becky Hogge

MPs call for tougher data protection regime

The House of Commons Justice Committee has today released a report into the protection of public data. The report is a good summary of the state of play and, in particular, of developments since the Chancellor announced to Parliament in November last year that HMRC had lost confidential records affecting 25 million UK citizens.

The report recommends a data breach notification law, criminal penalties for data controllers who are responsible for reckless or repeated security breaches and greater powers and resources for the Information Commissioner's Office. Currently, the Information Commissioner receives roughly £10 million each year to conduct all of his data protection activities.

These recommendations echo those made by the House of Lords Science and Technology Committee in August 2007, recommendations that the Government rejected almost entirely. Perhaps the public outcry following the HMRC data security breach will help Government think again.

Today's report is explicit about the real risks associated with big databases containing personal data that are open to large numbers of licensed users, and mentions the children's database ContactPoint, as well as the planned National Identity Register. It also notes further risks associated with obligations to share data with EU member states:

"If data held by the Government is available for inspection outside the jurisdiction, then the importance of restricting the amount of data held, as well as proper policing of who had access to it, takes on even greater importance."

Comments (2)

  1. KWTL - Keeping Within The Law: Select Committee calls for tougher laws to protect private information:
    Jan 05, 2008 at 12:06 AM

    [...] for the Office of the Information Commissionersee also ITN – MPs demand data crackdownOpen Rights Group – MPs demand tougher data protection regimeBBC News Online Tougher data laws needed, say MP's Select Committee press [...]

  2. philwilson.org » Blog Archive » Safeguarding our data:
    Jan 20, 2008 at 11:51 PM

    [...] Stuart Langridge recently asked a question along the lines of "Is it my fault if I make some piece of information public, and it is used against me?" - my worry with data security isn’t that I make something public, but that someone else, like a governmental body, does it for me. What rights do I have to make sure that my data is always encrypted? What rights do I have to withdraw data from their databases? What rights do I have to be informed if my data is leaked? (OK, this last one is currently up for debate) [...]

This thread has been closed from taking new comments.