New laws could spell rough justice for companies that compile personal data for use in mailing lists without providing proper data protection for individuals. The changes to the Anti Fraud Act mean that the offence now carries a maximum prison sentence of 10 years.

The change, which was announced last year, comes into effect this week. Companies using the internet, and other publicly available information resources, will have to make their true intentions known to whoever is affected by their actions.

Crucially, the act also outlaws the possession of phishing software. Phishing is used to garner private information, such as bank details or passwords, by deception.

Phishy emails

An email is sent out to multiple recipients, pretending to be from a well-known company. The email links to a mock-up of the company's site - usually designed so accurately that the user fails to notice the difference - and asks them to log in. Straight away the user has unwittingly handed over their password to the phishers.

In the past, customers of major highstreet banks have often been targeted by phishers. More recently, MySpace users were ambushed by phishing scams.

A statement released by the Home Office said: "The Act replaces the existing complicated array of over-specific and overlapping deception offences.

"These offences have proved inadequate to tackle the wide range of possible fraudulent activity today or keep pace with rapidly developing technology."