Individuals who negligently disclose personal data could be jailed for up to two years under legislation voted through by the House of Lords last week.

A proposed addition to section 55 of the Data Protection Act (DPA) ­ which also covers data controllers in the public sector ­ would make it a criminal offence to lose personal information.

Lord Erroll, who voted on the amendments, said it would help prevent more breaches such as HM Revenue and Customs’ loss of 25 million families’ details.

“Data controllers need to wake up to the importance of personal data, whether in the public or the private sector,” he said.

A second amendment voted through ­ which gives the Justice Secretary the power to increase the penalty for deliberately trading in personal data to a two-year prison sentence ­ will also apply to those who negligently lose data.

The Justice Secretary would first have to consult with the Information Commissioner’s Office (ICO) and other “appropriate” bodies before the penalty is increased.

The amendments ­ part of the Criminal Justice and Immigration Bill ­ still need to be approved by the House of Commons, but Tory and Liberal Democrat support is expected to help see them through.

If passed, they will also remove specific exemptions from prosecution under the DPA for government departments and certain other Crown officials.

The Act will continue to be policed by the information commissioner. It is not yet clear what will constitute “intentionally, knowingly or recklessly disclosing personal data” as specified by the amendment, but ICO guidelines suggest incorrect data protection procedures and unencrypted devices might constitute offences.

An ICO spokeswoman said the office was disappointed at not being able to levy penalties directly for Section 55 offences as first proposed, but that the amendment was a step forward.

“We would have preferred the clause to remain unchanged, but we understand that the Justice Secretary will be able to introduce prison sentences if illegal activity continues,” she said.

Tory shadow home affairs minister James Brokenshire said he would welcome moves for “the reckless handling of personal data by government officials” to be made an offence.