The government has launched a public consultation on whether to introduce prison sentences for those found guilty of offences related to obtaining, disclosing, or selling personal data.

The Ministry of Justice's (http://www.justice.gov.uk/index.htm) move comes after a glut of recent data leak cases involving lost or stolen documents, laptops and data disks affecting government agencies and large companies.

The consultation paper, "The knowing or reckless misuse of personal data: introducing custodial sentences", proposes increasing the current maximum penalty from a fine to up to two years’ imprisonment.

The new measure could see those convicted imprisoned for up to two years if the case is heard in a crown court, and up to 12 months if heard in a magistrates’ court. The courts will also be able to impose community sentences and fines if appropriate.

Justice minister Michael Wills said, "The knowing and reckless misuse of personal data is a serious criminal offence. We have been monitoring this illegal trade closely with the help of the Information Commissioner, and as there is a great deal of concern about the protection of personal data we think the time has now come to consider a more robust penalty."

Jamie Cowper, EMEA director of marketing at data encryption expert PGP Corporation, said, “Current penalties act as no deterrent to professional data thieves who can potentially make ten to twenty times more than this by selling their ill gotten gains to the highest bidder. Custodial sentences may make them think twice in the future."

The current maximum penalty for those found guilty of offences related to obtaining, disclosing, or selling personal data is a £5,000 fine in a magistrates’ court and an unlimited fine in a crown court. The government consultation closes on 7 January 2010.