PAG Meeting calls for heavy fines for misuse or loss of personal data

At last Monday’s (28^th January) very well attended Positive Action Group presentation and discussion on personal data, biometrics and ID cards, the meeting voted to support a motion calling for legislation to be introduced that a set minimum fine of £25,000 for the misuse or loss of personal data; particularly by Government. The money collected would then be used to compensate the victims of the loss or misuse - who often suffer a prolonged, and significant, level of avoidable stress, and inconvenience, in trying to deal with the aftermath of the incident – even if no significant financial loss arises.

Members at the meeting expressed the view that if Government, in particular, was demanding ever more information from its citizens - and then ‘storing’ it on items such as passports, and potentially ID cards, - then the public needed to be convinced, and reassured, that the system was secure.

Therefore, to build the trust the public required, and to help concentrate the minds of the data controllers, the meeting thought that the ‘punishment’, for breaching that trust, needed to be more than a slapped wrist.

The concept of ‘reasonableness’ and ‘proportionality’ was introduced into a lively discussion on what is, for some, a highly sensitive subject - the obtaining and use of biometric data, such as finger prints.

General agreement was reached that finger printing primary school children, to overcome an apparent ‘problem’ with ‘lost’ library cards was neither a reasonable or proportional response.

It was also propounded that ‘conditioning’ people from an early age to accept the ‘giving-up’ of personal data voluntarily was an insidious, but steady, erosion of the individual’s ‘sovereignty’ of their personal data.