Richard Thomas revealed today that 277 data breaches had been reported to his office since November 2007, with 80 in the private sector.

"The number of breaches brought to our attention is serious and worrying," he said.

"Much more worrying is where organisations are not even aware that personal data has been stolen, obtained by fraud, or otherwise fallen into the wrong hands.

"Worse still there are still organisations which [sic] are not aware of the risks they face with any collection of data and have not taken adequate steps to deal with those risks."

He said that holding huge amounts of personal data brings significant risks of breaches and, with his call for tougher penalties for reckless or deliberate breaches.

Andrew Sawyer, sales director of Celerity, Howard Hunt's data management arm, said that the ruling was particularly pertinent for the print industry.

"I am amazed at how many direct mailers send data on non-encrypted disks, which is a huge risk," he said.

"Print companies also need to be looking at how they store and process data. We are currently investing huge amounts of time and money in securing ISO 27001, which goes well beyond what is set out by the Data Protection Act."

He warned that the authorities were becoming more stringent in their inspections and print companies needed to be constantly secure with data and invest the time and money required to avoid a breach.

"As personalised direct mail reduces run lengths, printers will have to add value with data management services, but the controls need to be in place before anyone even considers that service," he said.