… Responding to a Ministry of Justice call for evidence on the current data protection legislative framework, the privacy watchdog said that the greatest threat to information security in organisations is individuals.
But it said the Data Protection Act “only provides for a fine for those individuals who knowingly or recklessly obtain or disclose personal data, or procure someone else to do this for them”.
It said: “The Information Commissioner considers that the trade in personal information justifies the possibility of a custodial sentence for the most serious offences.”
The ICO added that further clarity is needed in the law for individuals and businesses, even though it found current data protection principles to be sound.
In particular the ICO said it wanted more clarity on the scope of the law including what constitutes personal data as well as clarity on when consent is needed to use personal data.
Read more on PublicService.co.uk.
A full copy of the ICO’s response to the MoJ’s call for evidence can be viewed here (pdf).