ICO: Data thieves must face tougher punishments than fines

Information Commissioner calls for threat of prison sentences after rental car employee sells customer data

Criminals who steal people's personal data must face tougher punishments than small fines, according to the Information Commissioner's Office (ICO).

The data watchdog's renewed call for tougher punishments comes after a woman who sold 28,000 people's personal details to earn 5,000 was only fined 1,000 by a court.

Enterprise Rent-A-Car admin assistant Sindy Nagra, 42, from Hayes, sold the records for cash by photographing them on her computer screen while working from home.

Advertisement - Article continues below

Each customer had been involved in a road traffic collision, and details included those of the policyholder and their insurance claim.

Nagra pleaded guilty of breaching the Data Protection Act at Isleworth Crown Court, but despite being able to issue unlimited fines for the offence, on Friday the court only fined her 1,000, plus a 100 victim surcharge and 864.40 in prosecution costs.

Information Commissioner Christopher Graham said: "The fines that courts are issuing at the moment just don't do enough to discourage would-be data thieves.

"This fine highlights the limited options the courts have. Sindy Nagra got 5,000 in cash in return for stealing thousands of people's information. She lost her job when she was caught, and has no money to pay a fine, and the courts have to reflect that. But we'd like to see the courts given more options: suspended sentences, community service, and even prison in the most serious cases."

Advertisement - Article continues below
Advertisement - Article continues below

Currently courts cannot issue prison sentences for these kinds of criminal offences, and the person who purchased the records, Iheanyi Ihediwa, 39, from Manchester, was also only fined 1,000.

But Graham added: "With so much concern about the security of data, it is more important than ever that the courts have at their disposal more effective deterrent penalties than just fines.

"People who break the criminal law by trading in other people's personal information need to know that they will be severely punished and could even go to prison. Parliament voted for it to happen more than seven years ago but it remains on a Westminster backburner. It is high time that changed."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020