Giving evidence to the Lords’ Constitution Committee last week, Information Commissioner Richard Thomas said: ‘It is hard to see that is anything but gross negligence.’
GPs could be fined up to £5,000 in a magistrates' court or an unlimited sum in a crown court.
A spokeswoman for the Information Commissioner confirmed afterwards that a draft paper making the proposal had been submitted to the Minister of Justice.
She said: ‘It’s not just GPs. What we are saying is that where an organisation knowingly and recklessly fails to comply with the Data Protection Act and creates a substantial risk of damage or distress to individuals, we want it to become a criminal offence and to be able to prosecute immediately.’
At the moment the Information Commissioner must first issue an enforcement notice and only if this is breached is a criminal prosecution pursued.
Comment below and tell us what you think