The House of Lords has backed proposals to make it a criminal offence to disclose personal information intentionally or recklessly.
The backing follows the Information Commissioner’s call for NHS chief executives to be held accountable for any data loss last week.
If the amendment it is to become law, it will need to be approved by MPs in the House of Commons next month.
The amendment, being debated by Parliament, seeks to make it a criminal offence to “intentionally or recklessly disclose information contained in personal data to another person, repeatedly and negligently allow information to be contained in personal data to be disclosed, or intentionally or recklessly fail to comply with duties.”
Initially, the penalty was to be jail sentences of up to two years for people who steal or sell personal data, but this has now changed to fines and/or penalties.
Baroness Miller of Chilthorne Domer of the Liberal Democrats, said: “Data controllers currently do not face anything like adequate sanctions if they intentionally or recklessly disclose information, or indeed are repeatedly negligent. Goodness knows, this is not exactly a new issue.
“The issue has been around for a long time, and not only in government sectors. The private sector, as we know, can be negligent, and it can do all sorts of things with data that it should not do. Both the public and private sectors need to be covered by further sanctions, which is the reason for our amendment.”
Government minister Lord Hunt of Kings Heath opposed this, however, saying: “The government recognise the genuine and legitimate concerns expressed by noble Lords both in this debate and in Committee, but a number of imminent reviews and reports will inform both the actions that the Government have to take as a Government and whether legislative changes should be made. That is why we think it would be premature to legislate at this point.”
The motion was carried by 134 votes to 130 and will be sent back to the Commons for consideration next month.