Prison sentences and higher financial penalties for breaches of data protection laws are expected to be introduced in the near future, following discussions between the Information Commissioner's Office and the Ministry of Justice.

Christopher Graham, the new Information Commissioner, has told the House of Commons Committee on Culture, Media and Sport that he will be lobbying Parliament to have the custodial sentences provision in s77 of the Criminal Justice and Immigration Act activated. This will mean that anyone convicted of obtaining, procuring or disclosing personal data without the permission of the Data Controller can face a prison sentence of up to two years, as well as a substantial fine.

The move follows a widely-reported crackdown on the sale of unlawfully obtained data from private investigators to journalists. Recently, former News of the World editor Clive Goodman was sentenced to four months in prison for tapping calls made to and from the royal household. However, the provisions of the legislation that the ICO wish to be activated will apply to anyone who comes into contact with personal data, and therefore all organisations and individuals will have to take extra steps to ensure that they are complying with data protection laws.

With the ICO undertaking a broad programme of spot checks against public and private sector organisations, it would be wise to check that your data protection policy is up-to-date, and that staff are fully aware of their obligations under the Data Protection Act.