Data thieves facing two years in prison

Individuals who sell or deliberately misuse others' personal data could now face a penalty of up to two years in prison.

The previous penalty stipulated for the charge in the Data Protection Act 1998 was a fine.

Now on summary conviction data thieves face getting up to six months in prison while for a conviction on indictment they could get up to two years, said the Department for Constitutional Affairs.

The change comes as the government is moving to increase data sharing as a way of offering higher quality public services to citizens.

Lord Falconer, Secretary of State for Constitutional Affairs and Lord Chancellor, said in a statement: "Greater data-sharing within the public sector has the potential to be hugely beneficial to the public and is wholly compatible with proper respect for individuals' privacy. One of the essential ways of maintaining that compatibility is to ensure the security and integrity of personal data once it has been shared."

The government plans to introduce the amendment to parliament when time allows.

Information Commissioner Richard Thomas had proposed tougher penalities and today said in a statement that "a custodial sentence will act as a deterrent".

He added: "People care about their privacy and have a right to expect that their personal details remain secure. Information obtained improperly can cause significant harm and distress."

Simon Briskman, partner at Field Fisher Waterhouse, said the new law is positive for businesses worried about data misuse by insiders. "I can only see that better and stronger enforcement plans will help [fight data theft]," he said.

He stressed the international nature of the problem, citing the recent Channel 4 Dispatches programme which revealed criminal gangs selling UK credit card and passport details from Indian call centres.

Along with tougher penalties, he believes more data theft cases will now come to court. "The threat of enforcement is now higher because government is saying clearly they want to enforce in this area," he said. "It's a swing towards stronger regulation in the [data protection] field."

Security experts believe data theft will remain a top concern for businesses in 2007.