The lawful use of personal information in the United Kingdom is governed by the General Data Protection Regulation (EU) 2016/79 and the Data Protection Act which this Government passed in 2018, and overseen by the independent Information Commissioner’s Office (ICO). The ICO carries out a wide programme of activity (such as investigation into reported data breaches and audits of organisations’ processing) which helps to ensure that organisations meet their obligations with regard to protecting the personal information they hold from being misused or falling into criminal hands. It can also issue Enforcement Notices requiring organisations to take certain actions, and can impose fines of up to 4% of annual turnover or €20m (whichever is higher) for serious breaches of Data Protection.
The Government has strengthened the law enforcement response to cyber crime, including to disrupt and deter criminal efforts to gain personal information through hacking and other computer misuse offences. Through the National Cyber Security Programme (NCSP), the Home Office has invested over £200 million since 2010, in the law enforcement response to the cyber crime threat, and we continue to invest. In the last year we have seen the launch of specialist Cyber Crime Units in every local police force, supported by funding from Government. We continue to invest in improving the capabilities of the NCA’s National Cyber Crime Unit (NCCU) and of the cyber teams in each of the Regional Organised Crime Units (ROCUs) across England and Wales.
Through the Government’s Cyber Aware programme we have also provided the public and small businesses with the latest advice on how to take simple steps that will protect them and their personal information from cyber crime.
We have launched a new three year programme led by the Home Office to tackle illicit use of the dark web. This will build on the ongoing investigative work of policing and intelligence agencies to disrupt and bring to justice those who use the anonymity of the Dark Web to trade in illegal goods and services, including personal data.