The Information Commissioner’s office has called for custodial sentences to stop the unlawful use of personal information.
The ICO said that Information Commissioner Christopher Graham will ask in an appearance before the Justice Select Committee for tough punishments to discourage people from snooping online for personal details of others
The move comes after a bank cashier pleaded guilty to using her position to access illegally the personal details of a sex attack victim. The cashier’s husband had been convicted of carrying out the attack and was serving time in jail.
The ICO said that a former employee of Barclays Bank Sarah Langridge claimed she accessed the victim’s accounts and banking records to try to build a picture of the woman who had accused her husband.
The Brighton Magistrates Court fined Langridge £800, made to pay £400 costs and a £15 victims’ surcharge.
Responding to the ruling, the Information Commissioner Christopher Graham said: "It beggars belief that – in an age where our personal information is being stored and accessed by more organisations than ever – the penalties for seriously abusing the system still do not include the possibility of a prison sentence, even in the most serious cases."
He continued, "Access to online records is now part and parcel of almost every transaction the citizen makes – with government agencies, local government, the NHS, DVLA, high street banks, insurers, social networks. This only makes the risks to privacy greater and the need for security greater still."
Langridge is belived to have viewed the victim’s account records including her personal details, current account entries, lending records and employer details. But the defendant claimed that she had not made a record of any of the information she viewed and had not disclosed it to her husband or any other third party.
Graham said that the details of the case are truly shocking.
He said, "The victim had a harrowing enough experience at the hands of her attacker; the revelation that her attacker’s wife was then rooting through all her personal details, for whatever purpose, would have caused even further distress."
"I note the outcome of this latest case, and I remain concerned that the courts are not able to impose the punishment to fit the crime in all cases, because the current penalty for this all too common offence is limited to a fine rather than the full range of possible sentences, including prison for the most serious cases," Mr Graham said.
Section 55 of the Data Protection Act makes it an offence to "knowingly or recklessly, without the consent of the data controller, obtain or disclose personal data." The current penalty for committing the offence is a maximum £5,000 fine if the case is heard in a Magistrates Court and an unlimited fine in a Crown Court.
Graham continued: "There has been a lot of coverage in the media about the section 55 offence – or ‘blagging’ personal information, as it is known. But this offence is not just about private investigators finding out about celebrities’ hospital appointments. This crime has the potential to devastate ordinary people’s lives."
The ICO said that it continues to see a rise in reported allegations of section 55 offences. Numbers reported during 2010 to 2011 are up 18% against figures reported during 2008 to 2009.