These policies have been in place for several years and there were insufficient checks that relevant policies were being followed or understood by staff, said the ICO.

It added that Hounslow Council breached the Act by failing to have a written contract in place with Ealing Council. Hounslow also did not monitor Ealing Councils procedures for operating the service securely.

ICO deputy commissioner David Smith said, Of the four monetary penalties that we have served so far on organisations, three concern the loss of unencrypted laptops. Where personal information is involved, password protection for portable devices is simply not enough."

Smith said, The penalty against Hounslow Council also makes it clear that an organisation cant simply hand over the handling of the personal information it is responsible for to somebody else, unless they ensure that the information is properly protected."

The latest fines come after ICO warned that around 13,000 councillors were the Data Protection Act after not registering as data controllers.