27 October 2011
Last updated at 04:36 ET
Courts should have the power to jail people who breach the Data Protection Act, MPs on the justice select committee have said.
They say fines - usually about £150 per breach - are an "inadequate" deterrent when the financial rewards can be considerable.
Their report also warns the information commissioner lacks the powers to fully investigate personal data abuses.
The government said the issue of prison sentences would be kept under review.
'Great harm'
Sir Alan Beith, the Lib Dem chairman of the justice committee, said using deception to obtain personal information - known as blagging - or selling it on without permission were "serious offences that can cause great harm".
"Magistrates and judges need to be able to hand out custodial sentences when serious misuses of personal information come to light.
"Parliament has provided that power, but ministers have not yet brought it into force - they must do so."
The move would require the government to enact sections 77 and 78 of the 2008 Criminal Justice and Immigration Act.
Currently, magistrates can impose fines of up to £5,000, and the crown court an unlimited fine. But, in practice, fines are much lower because judges have to take into account the defendant's ability to pay, the report says.
The report highlighted several cases in which the financial gain from data protection breaches had exceeded the penalty, including a nurse who passed on patient details to her partner who worked for an accident management company.
She was fined £150 per offence, but accident management companies pay up to £900 for a client's details.
It also noted a 2008 case in which two former BNP members posted the party membership list on the internet, after which a district judge at Nottingham Magistrates' Court said: "It came as a surprise to me, as it will to many members of the party, that to do something as foolish and criminally dangerous as you did will only incur a financial penalty."
Press behaviour
The Information Commissioner Christopher Graham has long called for the courts to be given the power to impose custodial sentences.
However, last month he told the committee he feared any effort to increase the punishments would be delayed by the Leveson inquiry into press behaviour.
He said routine hacking and blagging of personal data by financial services, debt collection and claims management companies was going untackled, and he expected the inquiry into phone hacking by newspapers to distract even more attention away from the problem.
Deputy Prime Minister Nick Clegg has suggested that jail sentences for people found guilty of "blagging" should be looked at - in cases where information was clearly not obtained in the public interest.
Gordon Brown attempted to introduce prison terms of up to two years for the offence when he was in power but the law was never enacted amid concerns from newspaper bosses.
Daily Mail editor Paul Dacre said at the time that this would "have a truly chilling effect on good journalism".
The Ministry of Justice said it was keeping the issue "under review" and would study the committee's report with interest.
Data audits
The MPs' report also warned possible misuses of personal data were not being fully investigated because the information commissioner lacked sufficient powers.
Currently, he offers free data protection audits, but many organisations decline and not one insurance company has agreed to an audit, the report said.
Sir Alan urged ministers to examine how the commissioner could investigate cases of data abuse properly without increasing the regulatory burden on businesses.
The Data Protection Act 1998 gives people the right to know what information is held about them and to correct wrong information.
It also protects individuals' interests by obliging organisations to manage personal information appropriately.