The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act.

The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined.

David Smith, deputy information commissioner, said: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously."

The ICO has repeatedly asked for stronger powers to investigate and fine companies which are failing to take data protection seriously.

Smith said such tougher sanctions would help reassure the public that their data was safe. The ICO at one point suggested prison sentences for those responsible for the most serious breaches. ®

Related stories

• Retailers risk libel nightmare over 'no-work' database (9 May 2008)
• Updated Home Office defends 'dangerously misleading' Phorm thumbs-up (24 April 2008)
• ICO queries Heathrow T5's huge fingerprint scam scan (24 March 2008)
• ICO to focus on reducing risk, not enforcement (19 March 2008)
• ICO tells Cabinet Office to release Iraq docs (26 February 2008)