New data protection rules asked by UK MPs

By EDRi · January 16, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The Justice Committee of the UK House of Commons issued on 3 January 2008 a
report on public data protection summarising the status and development of
the topic, especially since the November 2007 Chancellor’s announcement to
the Parliament related to the loss of confidential data records of 25
million people by HM Revenue and Customs.

The report that recommends a data breach notification law, criminal
penalties for data controllers that are found responsible for breaching
security, greater powers and financing for the Information Commissioner’s
Office, follows the line of the recommendations made by the House of Lords
Science and Technology Committee in August 2007 that were rejected at that
time by the government.

The present report emphasises the risk involved by large databases that are
accessible by many licensed users, making particular reference to
ContactPoint, the children’s database that will come into being this year
and the National Identity Register, also planned to be gathered in 2008. It
also draws the attention on the risk related to the obligation to share data
with the other EU member states. “If data held by the Government is
available for inspection outside the jurisdiction, then the importance of
restricting the amount of data held, as well as proper policing of who had
access to it, takes on even greater importance.” reads the report.

The report recommends that personal data should be held only where there are
proper safeguards for the protection of the respective data, which, in the
Justice Committee’s opinion will become ever more difficult as data can be
easily shared within the country as well as between countries.

A greater role in the data protection should be played by the Information
Commissioner who should receive adequate support in this sense. “We note
that he already considers that his resources are at a minimum” is the
report statement.

It also calls for a legal obligation to notify the Commissioner as well as
the affected parties on significant data losses and for penalties for those
who disclose personal data.

A Ministry of Justice spokeswoman said: “Parliament is currently considering
proposals to amend section 60 of the Data Protection Act through the
Criminal Justice and Immigration Bill (…) This will provide a custodial
sanction as well as the existing fines for those found guilty of unlawfully
obtaining or disclosing personal data.”

MPs call for tougher data protection regime (3.01.2008)

House of Commons Justice – First Report (3.01.2008)

HMRC loses confidential details of 5 million benefit recipients (20.11.2007)

Government ignores Personal Internet Security (29.10.2007)

Government ignores Personal Internet Security

Tougher data laws needed, say MPs (3.01.2008)

EDRi-gram: UK government loses personal data on 25 million citizens