Knowing or reckless misuse of personal data – introducing custodial sentences

From the UK Ministry of Justice:

Reference Number : CP22/09

Status: Open

Open date: 15 October 2009

Close date: 07 January 2010

A consultation on exercising the power to provide for custodial sanctions for those found guilty of knowingly or recklessly obtaining, disclosing, selling or procuring the disclosure of personal data without the consent of the data controller.

These are all offences under section 55 of the Data Protection Act 1998, relating to selling or offering to sell information that has been unlawfully obtained. In addition, there is a proposal to commence simultaneously a new defence under section 55 relating to the purposes of journalism, art and literature.

Knowing or reckless misuse of personal data: introducing custodial sentences (PDF 0.13mb 26 pages)
Impact assessment (PDF 0.10mb 13 pages)

Safaricom-Backed M-TIBA Victim of a Possible Data Breach Affecting Millions of Kenyans
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
Two U.K. teenagers appear in court over Transport of London cyber attack
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
JFL Lost Up to $800,000 Weekly After Cyberattack, CEO Says No Patient or Staff Data Was Compromised
Massachusetts hospitals Heywood, Athol say outage was a cybersecurity incident

Related: