Which? uses cookies to improve our sites and by continuing you agree to our cookies policy

Prison time for those convicted of data misuse

Culture, Media & Sport inquiry demands jail sentences


Anyone who is convicted of unlawfully obtaining and selling personal data should be given a jail sentence of up to two years, a new report published today recommends. 

The Culture, Media & Sport Committee’s recent inquiry into cyber security was triggered by a series of data breaches at TalkTalk.

It’s now warning that the problem is significant, growing, and affects all sectors with an online platform or service.

The Committee also wants to strengthen the Information Commissioner’s Office (ICO) ability to levy increased fines to those who fail to report or learn from data breaches. 

You can use our guide to understand what to do if your data has been leaked. 

Increasing threat of data leaks

Nine in ten large organisations have reportedly experienced a security breach and 25% of private companies experience a cyber-breach at least once a month.

The public sector fares no better. The latest research from the ICO shows that the health sector has had the most data breaches, followed by local government.  

Not all threats to cyber security or data protection are from external factors though. Two in five are caused by employees, contractors and third-party suppliers, with half of these being accidental.

Consumer rights and protecting customers

The Committee also focused on strengthening consumer rights, outlining a series of requirements on company directors and chief executives to raise awareness of scams and protect customers.

Such requirements include companies making it much easier for customers to verify if communications are genuine or be fined for failing to do so. 

Another recommendation was to make it easier for victims of data breaches to claim compensation.

Which? Director of Policy & Campaigns Alex Neill said: ‘This report makes it clear that data breaches are all too common and cyber security should be an important issue for any large organisation.

‘When a data breach happens it is imperative that companies do all they can to take responsibility for protecting their customers, swiftly offering help and compensation where appropriate.

‘Data breaches can lead to fraud but unfortunately they represent the tip of the iceberg. 

‘The government’s Joint Fraud Taskforce should be investigating and making recommendations by the end of the year on how companies can better protect their customers from fraud.’

Safeguard us from scams

Fraud is now at record levels with more than five million scams perpetrated each year, costing the British public a mind-boggling £9bn annually. 

And while there are sensible steps we can all take to protect ourselves, an unfair burden has been placed on the public rather than on companies to do more to protect their customers.

Which? is urging the government to take the lead and ensure companies safeguard us all from scams. Sign our petition to force action on scams.

More on this…

Back to top