The Ministry of Justice is running two consultation exercises in tandem concerning proposals to amend the Data Protection Act. The first proposal is to introduce custodial sentences of up to two years for data protection offences; the second proposal is to introduce new civil penalties, with an upper limit fine of £0.5m, for serious breaches of the data protection principles.
[…]
In its first consultation on tougher data protection sanctions, the Ministry of Justice is proposing to increase the maximum penalties available in England and Wales, to imprisonment for up to two years when tried in the Crown Court, or up to 12 months in the Magistrates’ Court. These custodial penalties would be available in addition to the existing powers to levy fines.
In the second consultation, the Ministry proposes that the DPA be amended to provide the Information Commissioner with a power to impose a civil monetary penalty of up to £500,000 on data controllers if he or she is satisfied that there has been a serious contravention of the requirement to comply with the data protection principles by the data controller and: (i) the contravention was deliberate and likely to cause substantial damage or substantial distress; or (ii) the data controller knew or ought to have known that there was a risk that the contravention would occur and reasonable preventative steps were not taken.
Read more in the TheHRDirector.