The Information Commissioner actively seeks exposure for companies guilty of poor handling of data protection issues which will lead to adverse publicity.

In January 2008 Marks & Spencer professed surprise at an Enforcement Notice served by the Information Commissioner in respect of a lap-top containing personal information relating to 26,000 employees stolen from the home of a contractor in April 2007.

M&S were already working with the regulator to improve information systems security. However the regulator could not forgo the opportunity to publicise its views on lap-top encryption and make an example of such a high profile organisation.

Recent security breaches have made news headlines without the intervention of the Information Commissioner. This type of security breach affects the reputation of the organisation and the professional and career reputation of individuals as well as exposing individuals to potential identity fraud and very real worry and concern until the issue can be resolved, if indeed it can be resolved.