Commissioner wants data protection raids

The recent loss of 25 million names and address from the child benefits database was "a shocking example of loss of security", according to Information Commissioner Richard Thomas.

Thomas said this breach and others that were likely to surface showed the need for his department to be given more powers.

Giving evidence yesterday to the House of Commons Justice Committee, Thomas also wants his department to be able to carry out raids at both public and governmental organisations to ensure they are protecting sensitive data properly.

He said in the last two weeks a number of public and private sector companies had admitted to him that they had lost data, although none was on the scale of the "shocking" incident at HM Revenue and Customs (HMRC), which made other breaches "pale into insignificance".

Prime Minister Gordon Brown has announced that the Information Commissioner's Office (ICO) would be given the powers to audit the data-protection policies and practices of public authorities without their permission, but Thomas said it was not enough.

Responsible for data protection as well as freedom of information, Thomas said although the HMRC data loss "has been a massive wake up call" over the importance of data protection, the law had to be changed and organisations that fail to take care of people's personal information should face criminal charges.

"The systems should be proof against criminals, idiots and those who break the rules," he said.

He said this would mean more money for the ICO which currently operated on a budget of £10m, compared with £890m for health and safety and £269m for financial services.

"We can't do these checks without adequate resources," Thomas said.