The Information Commissioner's Office (ICO) must focus on encouraging organisations to raise employee awareness of the need for robust data security, and not just rely on the threat of fines to do this.
So argues Phil Allen, director of identity and access management EMEA at Quest, the software vendor recently acquired by Dell, who believes that visibility of the data security issue is the key.
"People do need to understand that getting this under control is an important thing. I don't know whether specifically naming and shaming people will really raise that visibility; it may well do," he told Computing.
"I think people do need to consider the consequences of what happens when they lose information, especially personally identifiable information associated with it. People really need to think about the consequences of what happens when they lose that information and what would be the cost to the business."
Allen believes the impact of a data breach on an organisation's reputation is far greater than that of a fine by the ICO.
"I think, realistically, when people actually start losing that information, the overall cost to the organisation isn't the cost of the fine that they may get; it's far more likely that the cost of the damage to the brand, or the cost of the loss of customers, is going to be far, far greater," he said.
Employees need to realise they're responsible for sensibly storing data and adhering to the Data Protection Act, argues Allen.
"Whichever way people gain visibility to those losses, I think that's got to be the focus area; making people aware that they really are responsible. I think a lot of people understand that they've got the Data Protection Act that they need to follow and people have always taken the best interest in doing that."
However, Allen suggests some information is lost because businesses just aren't governing it properly.
"But data breaches do still occur and a lot of that happens because people are unwittingly having information end up in places it wasn't supposed to end up. That just comes down to the fact that there aren't necessarily levels of data access governance that could exist within the organisation," he said.
Greater Manchester Police was recently fined £120,000 by the ICO for failing to take appropriate measures against the loss of personal data.