Recruiters who commit serious data theft offences could find themselves in prison, if new proposals by an independent body are taken up.

Information Commissioner Richard Thomas's office, which is responsible for the regulation and enforcement of data protection policies in the UK, wants tougher penalties for those found guilty of serious breaches of the Data Protection Act, with a prison sentence looming over repeat offenders.

Any proposals made by the commissioner would still have to be ratified by MPs, but they offer the clearest indication yet that data thieves will face hard sanctions.

Sally Macauley, solicitor at law firm Blake Lapthorn Tarlo Lyons, told Recruiter: "This is really targeted at serious or repeat offenders, or people who steal a database and then sell the information on."

It is thought that a custodial sentence would only be applicable for contraventions of section 55 of the Act — disclosing or obtaining information without the data controller's knowledge. Misdemeanours of a lesser nature would still be punishable by a fine.

But one recruiter for the oil and gas sector said he thought a prison sentence would be "a little extreme" for such offences. James Usher, a director at Altrincham-based Six Recruitment, claimed more effective policing of data protection policies would be a better solution.

"I don't think a custodial sentence is the right way to do it," he said. "More strict policing of data protection is more appropriate."