In a paper presented to Government Thomas said that while the Data Protection Act (DPA) carried a duty for data controllers to comply with the principles of the Act there was no punishment for not doing so.
"The precise form any penalty might take will require careful consideration. The creation of a new criminal offence is an obvious option," said the paper, which has been submitted to Government.
"Most importantly [it] would send a clear message that data protection requirements can not be ignored or dismissed. They must be taken seriously by every organisation that processes personal information," said the paper.
Thomas has also asked for the power to stop immediately any data processing his office finds that is "seriously unlawful".
What on earth is the distinction between unlawful and seriously unlawful. Surely it's either unlawful or lawful.
"The ICO [Information Commissioner's Office] would welcome injunctive powers of intervention that would effectively stop the unlawful practices from continuing pending any prosecution or other enforcement activity," said the ICO document. At the moment the ICO can issue an enforcement notice, but its effects are suspended while any appeal to the Information Tribunal is heard. This, said the note, can take months.
Thomas also repeats his request for the power to audit a company's data processing without its permission. Until recently the ICO needed permission to audit any body's practices.
In the aftermath of HM Revenue and Customs' loss of the personal details of 25 million child benefit claimants, though, the Government said that permission would not be needed for public bodies.
Thomas has re-iterated his desire to have that power extended into the private sector. He has even said that it would be hard to carry on in his duties without it.