Tuesday, 12 January 2016
Information Commissioner: Stronger Sentencing for Cyber Crooks
Sindy Nagra is a 42-year-old former administrative assistant for Enterprise Rent-A-Car. She is also a thief. Nagra was prosecuted for stealing sensitive customer information and selling it to cyber criminals for £5,000. In early January (2016), after being convicted of her crimes, the court ordered her to pay a £1,000 fine along with a £100 victim surcharge and £864.40 in prosecution charges. Her total bill: £1964.40. Her crime netted her a profit of just under £3,046.
This miscarriage of justice led the Information Commissioner to speak out. In an official statement from the Commissioner's office, Christopher Graham made it clear that sentencing options need to be stronger for these kinds of cases. He said he understands that courts might be limited by a defendant's ability to pay fines and charges, but courts still do not go far enough. In this case, the penalty did not even come close to matching the crime. There is no incentive for this woman to not repeat her crime in the future.
“Sindy Nagra got £5,000 in cash in return for stealing thousands of people’s information,” Graham said. “She lost her job when she was caught, and has no money to pay a fine, and the courts have to reflect that. But we’d like to see the courts given more options: suspended sentences, community service, and even prison in the most serious cases.”
Ironically, Nagra was not alone in her crime. She sold the information to another person who was found guilty by the same court of 55 offences. His fines and charges were even less than Nagra's. It is apparent from the two sentences that criminal networking can be rather profitable with favourable courts on one's side.
Enforcement Key to Fighting Crime
There is plenty to be disturbed about in this story. For a start, enforcement is always the key to successfully fighting crime. In this case, enforcement was mostly non-existent. It failed the victims harmed by Nagra. But taking things one step further, cybercrime requires a stronger action by enforcement authorities because of its potential to affect so many more people on such a large scale.
For example, consider a third-party vendor who might offer managed services to a large corporation with hundreds of thousands of customers. It only takes one or two employees willing to steal information to ruin the lives of thousands of individuals and permanently damage the reputation of the company. Prior to the digital age, crooks had to steal one person at a time. Now they can steal thousands or event millions in one, giant, electronic swoop.
The global proliferation of IT services and online data sharing have raised the stakes considerably. All of us face the very real threat of becoming victims of cybercrime in a world in which so much information seems to flow so freely. Furthermore, no amount of preventative measures will stop cyber criminals from doing what they do. Essentially, we need stronger enforcement that includes sentences severe enough to dissuade criminals in the future.
Source: ICO – https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/01/information-commissioner-repeats-call-for-stronger-sentences-for-data-thieves/