Organisations that lose sensitive data could be fined up to £500,000 under newly approved penalties.
The level of fines imposed by the Information Commissioner’s Office will depend on factors such as whether the loss was accidental, the effect the loss had and the size and financial position of the organisation.
The new penalties are expected to come into force on 6 April. Justice secretary Jack Straw approved the penalties for those who break the Data Protection Act.
Information commissioner Christopher Graham said: “These penalties are designed to act as a deterrent.
“When things go wrong, a security breach can cause real harm and great distress to thousands of people. I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”