"If the government wants to make the public's data more accessible, then this must go hand in hand with greater penalties for those who abuse that access. This should include the threat of jail time and a criminal record," said Carr.
The full report makes fascinating reading as a real-world take on data breaches, itemising every single breach that was reported as part of its research.
Incidents included a probation officer who gave the personal details of a domestic abuse victim to her abuser and was fined only £150 for the offence, and the NHS Surrey computer that was bought at auction containing the records of 3,000 patients, resulting in a £200,000 ICO fine.
"Whilst fines may, at first, appear to be a sensible response, they quickly lose their impact on closer inspection," said the report in a possibly unintentional swipe at the ICO's impotent regime.
The BBW is correct to question the effectiveness of fines. The bigger sanction for private firms is simply embarrassment and loss of reputation. In many cases inside the NHS and public sector this rule is blunted by the fact that few members of the public ever find out about incidents.