Appendix 4 - Criminal offences under the Data Protection Act 1998

1. Unlawful obtaining, disclosing or procuring the disclosure of personal data.
2. Unlawful Selling of personal data that was previously unlawfully obtained.
3. Altering, defacing, blocking or destroying records containing personal data, where the intention is to prevent the disclosure of that information in response to a subject access request.
4. Processing personal data without a notification register entry.
5. Failure to notify the Information Commissioner of changes to the notification register entry.
6. Failure to comply with an Enforcement or Information Notice served by the Information Commissioner.
7. Knowingly or recklessly making a false statement in response to an Information Notice from the Information Commissioner.
8. Forcing another individual to make a subject access request.

Anyone found guilty of a criminal offence could face a fine of up to £5000 in the Magistrate's Court or an unlimited fine in the Crown Court.

Please contact the Information Compliance Advisor for further information.