The information commissioner in the UK is calling for tougher sentencing powers for individuals who have been found guilty of personal data theft.
Christopher Graham’s comments come on the back of a recent case involving a member of staff at a car rental company, whose sentence has been deemed insufficient given the seriousness of the crime.
Sindy Nagra, who had pleaded guilty to stealing large swathes of sensitive customer information from Enterprise Rent-A-Car, was fined just £1,000.
This, Mr. Graham argues, is far too lenient for what took place. Ms. Nagra, from Hayes in London, had copied and then sold data belonging to up to 28,000 customers, for which she received over $7,000 (£5,000) in cash.
As a homeworker, she was able to photograph the records after accessing them via her own personal computer.
The car rental firm only realised that something was wrong when it discovered Ms. Nagra had been viewing above average numbers of records, many of which she didn’t need to process.
“Nuisance call cowboys and claims market crooks will pay people to steal personal data,” explained the information commissioner. "The fines that courts are issuing at the moment just don’t do enough to discourage would-be data thieves.
“This fine highlights the limited options the courts have … We’d like to see the courts given more options: suspended sentences, community service, and even prison in the most serious cases.”
Mr. Graham added that given the fact that data security is an increasingly pressing issue for more and more people, it is imperative that criminals are appropriately punished.
This, he elaborated, is to send a strong message to fraudsters that data theft is a serious crime, with the worst offenders at risk of a prison sentence. In general, there needs to be a “more effective deterrent”.
“We’ve been pushing for this for some time,” he continued.” Parliament voted for it to happen more than seven years ago but it remains on a Westminster backburner. It is high time that changed.”