David Smith, the deputy information commissioner, told the Direct Marketing Association’s Data Protection 2014 conference that the Information Commissioner’s Office is working with the government to introduce prison sentences to deter breaches of consumer data privacy.
Referring to the sale of T-Mobile consumer records by rogue former employees in 2009, Smith said: "Only prison sentences are likely to be a deterrent."
Smith also warned delegates of the brand damage that can result from poor handling of data breaches. He pointed out that
Proposed changes to the EU Data Privacy Regulations – which currently date from 1998 and are being revised for the internet and social media age - would not impact the UK "for another four or five years", Smith said, but brands needed to be ready.
He said brands such as Microsoft, which "makes a feature of its privacy approach", were to be admired. Smith later told Marketing: "[Google has] done good work on explaining how people’s information is used. Businesses are starting to make privacy a brand differentiator. That’s the modern, up-to-date approach: getting in tune with your customer."
The draft regulation represents a considerable tightening of rules around targeted marketing, including giving consumers the right to have deleted any personal information brands are holding on them.
Smith told Marketing that this so-called "right to be forgotten", which experts believe would make the targeting promised by profile-based services such as BSkyB’s Adsmart more difficult to achieve, is not likely to make the final draft regulation to be voted on by the European Parliament, possibly later this year.
However he said that stricter provisions about the length of time brands may hold consumer data and a strengthening of consumers’ rights to control the use of that data are likely to be included.