Courts should have the power to punish people breaching the Data Protection Act with prison sentences, MPs on the justice select committee have said.They say fines - usually about £150 per breach - are an \"inadequate\" deterrent when the financial rewards can be considerable.Their report also warns the information commissioner lacks the powers to fully investigate personal data abuses.The government said the issue of prison sentences would be kept under review.Sir Alan Beith, the Lib Dem chairman of the justice committee, said using deception to obtain personal information - known as blagging - or selling it on without permission were \"serious offences that can cause great harm\".\"Magistrates and judges need to be able to hand out custodial sentences when serious misuses of personal information come to light.\"Parliament has provided that power, but ministers have not yet brought it into force - they must do so.\"The move would require the government to enact section 77 and 78 of the 2008 Criminal Justice and Immigration Act.Currently, magistrates can impose fines of up to £5,000, and the crown court an unlimited fine. But, in practice, fines are much lower because judges have to take into account the defendant\'s ability to pay, the report says.The report highlighted several cases in which the financial gain from data protection breaches had exceeded the penalty, including a nurse who passed on patient details to her partner who worked for an accident management company.She was fined £150 per offence, but accident management companies pay up to £900 for a client\'s details.It also noted a 2008 case in which two former BNP members posted the party membership list on the internet, after which a district judge at Nottingham Magistrates\' Court said: \"It came as a surprise to me, as it will to many members of the party, that to do something as foolish and criminally dangerous as you did will only incur a financial penalty.\"The Information Commissioner Christopher Graham has long called for the courts to be given the power to impose custodial sentences.However, last month, he told the committee he feared any effort to increase the punishments would be delayed by the Leveson inquiry into press behaviour.He said routine hacking and blagging of personal data by financial services, debt collection and claims management companies was going untackled, and he expected the inquiry into phone hacking by newspapers to distract even more attention away from the problem.A Ministry of Justice spokesman said: \"We are aware the information commissioner has called for prison sentences to be made available for data protection breaches.\"The government is keeping this issue under review, and we will look at the report with interest.\"The justice select committee\'s report also warned possible misuses of personal data were not being fully investigated because the information commissioner lacked sufficient powers.Currently, he offers free data protection audits, but many organisations decline and not one insurance company has agreed to an audit, the report said.Sir Alan urged ministers to examine how the commissioner could investigate cases of data abuse properly without increasing the regulatory burden on businesses.The Data Protection Act 1998 gives people the right to know what information is held about them and to correct wrong information.It also protects individuals\' interests by obliging organisations to manage personal information appropriately.