Is bottled water worth more than personal data?

Last month, a participant in the London riots was convicted of stealing £3.50 worth of bottled water, and sentenced to six months in prison. Another lad would have been jailed for the theft of £1 of chewing gum had he not been under 15. If either stole 100,000 people’s details and sold them, they could not have received a custodial sentence. A breach of the Data Protection Act’s s55 is not a recordable offence, so even a massive data theft would not show up on a CRB check, and would not have to be declared to employers. I think the strong legal reaction to the riots was justified. But we still live in a country where bottled water is valued more than people’s information.
How did we get in this position? A Heather Brooke article (http://tinyurl.com/5txarv5) about attempts to keep a lid on police leaks last week reminded me. Brooke made a compelling case for not cracking down on whistle-blowers, and to be concerned when the cops question journalists who are just doing their job. Even though I agree with Brooke here (not something that happens every day), previous stirring defences of journalistic freedom left us with the bottled water situation.
Think back to 2008, when the press saw off a proposal to jail data thieves in the Criminal Justice and Immigration Act 2008. The suggested new punishment had come about partly because of Clive Goodman’s phone hacking, and was closely associated with journalists. Donald Trelford alleged in the Independent that the proposed jail sentence could destroy investigative journalism and claimed it would make “Robert Mugabe nod in approval” (see http://tinyurl.com/6962776 for the full article).
Meanwhile, Daily Mail editor Paul Dacre’s rousing 2008 speech to the Society of Editors was widely reported because of his attack on the alleged amorality of Justice Eady. Read it here: http://tinyurl.com/6dpg5xa. The Mail Man upbraided Eady for frustrating the media’s moral obligations to report on cuckolding sportsmen and Max Mosley’s spanked arse. But Dacre also explained how Gordon Brown had leant an understanding ear to newspaper concerns about the DP amendment, and put it on hold. When Dacre met with Brown to press his case, he was accompanied by none other than Les Hinton of News International fame. It would be bad manners to mention that the Daily Mail topped the list of organisations that used private investigators in the ICO’s ‘What Price Privacy’ report, because Dacre told Parliament in July that he has never countenanced hacking or blagging.
Data Protection has always included a strong public interest defence. You have an absolute defence, even if you steal data, as long as it is in the public interest. When Labour originally decided to upgrade the theft punishment to a two-year maximum jail term, they included specific public interest protections for journalists. We now know that, despite Trelford’s surprise in February 2011 that anyone was still interested in phone hacking, one national newspaper’s handling of private information was appalling enough to warrant some real change, even if it proves to have been isolated to the News of the World. And we should shift the focus off journalists to people who steal customer databases, private investigators who blag information, and police officers who take information from the Police National Computer.
It would require no more than a stroke of the pen to make the jail sentence live. But so far, nothing. Heather Brooke is right that democracies need whistle-blowers and public-spirited leaks. We need journalists who plug away at difficult stories, free of intimidation and supported by the law. We should listen to journalists when they are being pressured by the establishment. However, independent media scrutiny must not prevent adequate penalties for data thieves – a healthy society needs both. People who steal data for profit should go to prison. Two people were prosecuted in June in the magistrate’s court, but despite the ICO’s efforts, they only got fines and I bet they turned a profit on the deal.
Unless / until Mr Cameron does what Mr Brown wouldn’t, or Lord Leveson comes to the conclusion that phone hacking is the final final straw, I have a modest proposal for the Information Commissioner. Chris Graham has made a consistent case for the jail sentence, mentioning it at every opportunity. Until someone listens to him, he has an alternative. Why doesn’t he show the value of personal data by fining people who steal it? The theft of data is a breach of the first data protection principle, as it is neither fair nor done according to the DP conditions. Theft is also a breach of the second principle (you wouldn’t send a notification to the Commissioner saying ‘I steal data and then I sell it’). It’s not what the monetary penalties were designed for, but we live in a topsy-turvy world. The courts have already sent a message to rioters – Graham should send his own to both politicians and blaggers. 
%d bloggers like this: