In an article published in the Law Society Gazette, Robert Brown, partner, Corker Binning, looks at why the recent sentences for blagging could strengthen the case for tougher penalties for breaches of the Data Protection Act.
Blagging and the DPA – is it time to make offences imprisonable?
Despite it being almost 10 years since the start of Operation Motorman, and the subsequent furore which lead to the closure of the News of the World, it is still not possible for a person found guilty of illegally obtaining and disclosing personal information to be imprisoned for that offence. However, strong words from the Information Commissioner’s Office this week suggest that this may be ripe for change.
The call comes as four private investigators were sentenced to between six and 12 months imprisonment after pleading guilty to fraud offences. Daniel Summers, Philip Campbell Smith, Graham Freeman and Adam John Spears accepted ‘commissions’ to impersonate a legitimate party, or otherwise deceive the information holder, in order to gain personal data (such as bank statements and telephone bills) on particular targets.
Such ‘blagging’ has been an offence since 2000 under the Data Protection Act 1998 but has become a buzzword since the exposure of such practices amongst British newspapers, together with phone hacking and alleged bribery. However, as the law stands, a person guilty of unlawfully obtaining personal data under section 55 DPA 1998 can only be fined (up to £5,000 in a magistrates’ court or an unlimited amount in the Crown court). Those imprisoned this week received jail sentences because their conduct, carried out as a commercial operation, was prosecuted as a conspiracy to defraud.
On the same day, by contrast, a London estate agent was fined just £200 for attempting to access the account of a benefit claimant tenant over the telephone. In a subsequent press release, information commissioner Christopher Graham lamented the ‘chicken feed fines’ available against breaches of the DPA and called for there to be no further delay in implementing new powers beyond the regime of fines.
Related offences of phone hacking are already imprisonable. Most prominently, Glenn Mulcaire and Clive Goodman were sentenced to six and four months respectively for interception of communications offences under the Criminal Law Act 1977 and the Regulation of Investigatory Powers Act 2000. As such the lack of prison sentences for DPA offences, which are frequently utilised for prosecuting equally serious conduct, appears to be something of a lacuna.
The solution to this disparity already lies on the statute books. Under section 77 Criminal Justice and Immigration Act 2008, the secretary of state is empowered to introduce prison sentences of up to 12 months for summary conviction and 24 months for those convicted on indictment of breaching section 55 DPA 1998 (those concerned with the freedom of the press should also take note that section 78 CJIA 2008 gives the secretary of state the power to provide a defence for a person showing that he acted, inter alia, for a journalistic purpose with a reasonable belief that it was justified in the public interest.)
In October 2011 the Justice Select Committee called for these powers to be implemented swiftly, noting that the current fines were an ‘inadequate deterrent’ to breaches. The government remained noncommittal. However, now it seems as though a week seldom goes by without the Leveson inquiry uncovering some previously unknown seam of dishonesty. If the hole goes much deeper, the government may be glad it has the option to increase penalties in a hurry.
Robert Brown, partner at London firm Corker Binning
Nick Barnard comments on the subtle shift in government rhetoric regarding crypto regulations
February 2 2023
Nick Barnard writes about crypto wallet freezing orders in Thomson Reuters
January 25 2023
Peter Binning comments on regulatory regimes in the Financial Times
January 25 2023