![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Back in September, UK Information Commissioner Christopher Graham appeared before the Justice Committee and called for custodial sentences to be made available in respect of the unlawful trade in—and access to—personal information.
Section 55 of the UK Data Protection Act 1998 makes it an offence to “knowingly or recklessly, without the consent of the data controller, obtain or disclose personal data.” Currently, this offence attracts a maximum £5000 fine if the case is heard in the Magistrates’ Court and an unlimited fine in the Crown Court. Under Section 77 of the Criminal Justice and Immigration Act 2008, power was granted to the Secretary of State to introduce prison sentences in respect of Section 55 offences. However, this power has not been exercised as yet.
In its report “Referral fees and the theft of personal data: evidence from the Information Commissioner,” published on 27 October, the Justice Select Committee supports the information commissioner’s call for tougher sanctions and urges the government to introduce custodial sentences without further delay.
