The previous penalty stipulated for the charge in the Data Protection Act 1998 was a fine. Now data thieves risk up to six months in prison for a summary conviction, while for a conviction on indictment, they could get up to two years, the U.K. Department for Constitutional Affairs said Wednesday.
The change comes as the British government moves to increase data sharing as a way of offering higher-quality public services to citizens.
Lord Falconer, British Secretary of State for Constitutional Affairs and Lord Chancellor, said in a statement: "Greater data sharing within the public sector has the potential to be hugely beneficial to the public and is wholly compatible with proper respect for individuals' privacy. One of the essential ways of maintaining that compatibility is to ensure the security and integrity of personal data once it has been shared."
The government plans to introduce the amendment to parliament when time allows.
Information Commissioner Richard Thomas had proposed tougher penalties and said in a statement Wednesday that "a custodial sentence will act as a deterrent."
"People care about their privacy and have a right to expect that their personal details remain secure. Information obtained improperly can cause significant harm and distress," he added.
Simon Briskman, partner at London law firm Field Fisher Waterhouse, said the new law is positive for businesses worried about data misuse by insiders. "I can only see that better and stronger enforcement plans will help," fight data theft, he said.
He stressed the international nature of the problem, citing a recent British TV program, Channel 4's "Dispatches," that said criminal gangs are selling U.K. credit card and passport details from Indian call centers.
Along with tougher penalties, Briskman believes more data theft cases will now come to court. "The threat of enforcement is now higher because government is saying clearly they want to enforce in this area," he said. "It's a swing towards stronger regulation in the (data protection) field."
Security experts believe data theft will remain a top concern for businesses in 2007.
Sylvia Carr of Silicon.com reported from London.