From April next year, the ICO will have substantially increased powers to impose fines on companies and individuals who lose data or perpetrate breaches of data security. As part of a current consultation exercise, the MoJ is examining increasing these to £500,000.
Graham says the T-Mobile theft justifies full criminal sanctions. “We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data,” he says.
He adds: “But, we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence. The existing paltry fines for Section 55 offences are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent.”
Employees of T-Mobile are said to have sold customers’ mobile phone contract details, including the expiry date for their contract. It is alleged that this information was then sold on by third party brokers to the network’s competitors whose agents subsequently made cold calls to customers within a four to six week window of expiry. The theft is alleged to cover thousands of customer accounts and to have involved substantial amounts of money being paid to the thieves.