British ID thieves face jail time

The British government is proposing to introduce tough penalties that could see identity thieves jailed for up to two years.

Under current law, breaches of the Data Protection Act can only be punished with fines through the courts.

The U.K. government is proposing to amend the law, which makes it an offense to obtain, disclose or procure the disclosure of personal information knowingly or recklessly without the consent of the data controller (with some exceptions). The government wants to increase the penalties for misuse of personal data to allow for up to six months' imprisonment on summary conviction and up to two years in jail if convicted on indictment. These are in addition to the existing fines.

The Department for Constitutional Affairs (DCA) will first undertake a public consultation on the new sentencing proposals (click here for PDF).

The government's change in tack follows a warning by Richard Thomas, the U.K.'s data protection watchdog information commissioner, that current penalties are not proving an effective deterrent to ID thieves. He made the warning in a report released earlier this year, called "What Price Privacy?"

Responding to the news of the DCA consultation, Thomas said: "These proposals will help by ensuring that anyone who might be tempted to misuse personal information for private gain knows that they could go to prison if they do so."

The Lord Chancellor, Lord Falconer, who is responsible for the functioning of British courts, said the new punishments will cover "deliberate and willful misuse" of personal information and that front-line public sector staff who make an error of judgment while sharing data will not be penalized.

The DCA consultation is open until Oct. 30, 2006.

Andy McCue of Silicon.com reported from London.

[Nkully86]

Just 2 years?

I'm sorry, but adding 2 years to an already soft penalty won't scare many hackers out there. ID theft is a much larger issue than they seem to be taking it these days. Recently, when Gary McKinnon got extradited here he was facing up to 70 years for potentially infiltrating government computers.
<a class="jive-link-external" href="http://www.iwantmyess.com/?p=77" target="_newWindow">http://www.iwantmyess.com/?p=77</a>

Seems a little light to give someone 6 months-2 years when they are potentially ruining people's lives when McKinnon may get up to 70 years for not even damaging anyones personal data. These people have access to any sort of dangerous information they want on people and if we want to stop this, we need to begin punishing them like we should.
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article16.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article16.htm</a>

[heystoopid]

Only Two Years!

At the rate these pom's are filling their current very overcrowded prisons, looks like they will have to bring back prison hulks and transportation, to the far lung outposts of the new empire like Basra in Iraq!

[ajbright]

Where do you draw the line?

It may be that two years seems lenient, but if you were to visit a British prison I doubt you'd think so afterwards, but that's not my point.

My point is when you look a violent crime in general. Do you send a person that stole money, caused hardship and permanently wrecked someone's credit to jail for the same amount of time as the average rapist or those that commit acts of violence while carrying out a robbery?

I mention this not because 1 1/2, 2 or 3 year sentences are correct for such actions, but because often those are the sentences - and by giving someone an equivalent sentence for identity theft the government would be saying it's no worse to rape someone than steal their identity.

Again I would point out that even 6 months in one of Her Majesty's boarding homes is long enough for any but the hardiest of criminals to instantly regret their actions - especially after being greeted on the first night with soon to be intimate on a level you wouldn't wish on your worst enemy cell mates.

[kamwmail-cnet1]

It would take victims MORE than 2 years to fix credit.

Here's a suggestion: psychologically condition the perps to go into convulsions if they come near any financial transactions. They misused it, now they shouldn't be allowed to use it. And if it "inconvience" these perps --- tough f#cking sht! I'm sure the victims are plenty inconvienced too.