Tougher data laws needed, say MPs

Richard Thomas suggested more data losses might come to light

Reckless or repeated breaches of data security should become a criminal offence, a committee of MPs has said.

Currently, government departments cannot be held criminally responsible for data protection breaches.

But a report on the "truly shocking" loss of 25m people's personal details by HM Revenue and Customs, the Commons justice committee demands tougher laws.

The government welcomed the report and said it was considering measures to toughen up the Data Protection Act.

The committee found there was a "widespread problem" and "systemic failings" in the government's handling of personal data.

It is frankly incredible, for example, that the measures HMRC has put in place were not already standard procedure Alan Beith Send us your comments

Its Liberal Democrat chairman Alan Beith said: "The scale of the data loss by government bodies and contractors is truly shocking but the evidence we have had points to further hidden problems.

"It is frankly incredible, for example, that the measures HMRC has put in place were not already standard procedure."

Speaking on BBC Radio 4's Today programme, he said Information Commissioner Richard Thomas, who gave evidence to the select committee, was warning of more personal data loss cases "in the pipeline".

Criminal value

"(Whitehall) departments are coming to him on almost a confessional basis, quite rightly, to report that they too have got problems."

Mr Beith added: "It's a very serious situation and it impairs the proper use of data, which is often very important both to individuals and in areas like child protection and dealing with criminal behaviour."

Proper data protection was still not routine, he warned, despite its "potentially immense value" among criminals.

Parliament is currently considering proposals to amend section 60 of the Data Protection Act through the Criminal Justice and Immigration Bill Ministry of Justice spokeswoman

The report follows the loss of child benefit data on two discs sent unencrypted by HMRC in north east England to the National Audit Office in London.

Further data losses have emerged as a result of investigations into how Whitehall handles people's details.

As well as new criminal laws, the committee wants stronger enforcement powers and better resources for the information commissioner.

'Proper policing'

It also called for a legal obligation to report significant data losses to those affected and to the commissioner.

And MPs said the need for a "proper approach" to data handling was even more important given the proposed database of every child in the UK, the proposed identity card scheme and moves to allow other EU member states access to data held in the UK on UK citizens.

The prime minister and chancellor apologised over the data loss row last month and an inquiry is under way, alongside a police investigation.

Millions of families were told to be on the alert for fraudulent use of their details, which include children's names, addresses and dates of birth and National Insurance and bank details.

A Ministry of Justice spokeswoman said the need to strengthen data protection laws had been recognised before the child benefit discs were lost and a review had been commissioned in October.

"Parliament is currently considering proposals to amend section 60 of the Data Protection Act through the Criminal Justice and Immigration Bill," she said.

"This will provide a custodial sanction as well as the existing fines for those found guilty of unlawfully obtaining or disclosing personal data."