The Information Commissioner's Office (ICO) has confirmed that it has issued 21 data breach fines totalling 2 million since April 2010.
The data protection watchdog was given powers to issue financial penalties against firms that fall foul of the Data Protection Act (DPA) in April 2010.
The Information Commissioner, Christopher Graham, said the number of penalties it has issued should spur companies on to take better care of their data.
We hope these penalties send a clear message to both the public and private sector.
"We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people's data correctly," he said.
The figures were published in the ICO's 2011/2012 annual report, which revealed a small drop in the number of data protection complaints it has received over the past year.
The findings show there were 12,985 data protection complaints made to the ICO, which is 0.3 per cent lower than in 2010/2011.
However, the organisation noted a 43 per cent rise in the number of complaints about unsolicited marketing calls and texts, totalling 7,095.
Graham stressed this was an important area of focus for the ICO, as it now has powers to fine the companies responsible up to 500,000.
"We have now set up a dedicated team to enforce the Privacy and Electronic Communication Regulations and are working to identify the operators responsible," he said.
"The ICO has executed search warrants at a number of sites across the UK linked to companies we believe are breaking the law.
"We have also set up an online reporting mechanism on our website that allows people to report any marketing texts or calls from unidentified senders," he added.
The ICO also announced that it has fined a financial services firm 150,000 for losing two backup tapes containing personal details belonging to half a million customers.
The tapes, which belonged to Welcome Financial Services Limited, were lost last November and have never been recovered.
