A new rule, approved by the Secretary of State for Justice and expected to come into force on 6th April 2010, will enable The Information Commissioner’s Office (ICO) to issue fines of up to £500,000 for serious data security breaches.

This new power is in no doubt a reaction to several high profile data losses from large organisations including the DVLA and the Ministry of Defence.

With an enormous amounts of personal data stored and processed online, Christopher Graham, the Information Commissioner, said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act.

“These penalties are designed to act as a deterrent,” he said in an official press statement.

“I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”

Under the most recent Act of 1998, data can only be used for the purposes for which it is collected and cannot be given to others without the consent of the individual.