More power for watchdogs in the wake of crisisz The government is “highly likely” to have breached the Data Protection Act, Alistair Darling admitted in the House of Commons last week.

And the day after the problems at HMRC were made public, Gordon Brown said at prime minister’s questions that the Information Commissioner’s Office (ICO) would be given more power to spot-check Whitehall departments’ data protection practices.

Information commissioner Richard Thomas welcomes the move.

“I have been pressing the government to give my office the power to audit and inspect organisations that process people’s personal information, without first having to get their consent,” he said.

But the prime minister has not yet gone far enough, said Thomas.

“It is important that the law is changed to make security breaches of this magnitude a criminal offence,” he said.

“At the moment I can take limited enforcement action, but making it a criminal offence would serve as a strong deterrent.”

Last month the ICO welcomed calls for a data breach notification law that would force organisations to disclose any losses of information. But the government rejected the scheme.

Thomas said: “A law would be welcome ­ but let’s make it a good one that is easy to police and applies to the government as well as the private sector.”
The ICO will not investigate the HMRC breach.

The chancellor has commissioned PricewaterhouseCoopers chairman Kieran Poynter to produce an interim assessment next month, followed by a full report in the spring.