Employees of city organisations are ignorant to new fines that could cost the company £500,000.

As the Information Commissioner's Office (ICO) prepares to roll out fines of up to £500,000 for serious breaches of the Data Protection Act, research by Cyber-Ark has found that two-thirds of employees surveyed said that nothing has ever been said to them about the regulations.

The survey of 500 city workers found that 71 per cent said that now that they had been made aware of the financial implications, they would be more careful with how they handle data in future. Almost all (93 per cent) of the respondents revealed that if they were personally held liable for protecting customers' data, they would certainly be more careful with how they handle it.

Adam Bosnian, vice president of products and strategy at Cyber-Ark Software, claimed that to find that workers are walking about with unprotected customer records was staggering.

He said: “Education is one piece of the puzzle in making sure that those people who do have access to privileged data are responsible with it and recognise the vital role they play in an organisation's compliance obligations. Organisations also need to control privileged users and accounts to protect sensitive information, such as customer data, from navigating its way into the wrong hands.

“By having the tools in place that manages who has access to what data, and tools in place to keep track of what they do with it, organisations can regain control – a pretty real need not only to respect the information but to avoid the hefty fines that will soon come into force.”

Of those surveyed, 64 per cent admitted to carrying customer data with them on mobile devices, yet 38 per cent protect it with ‘nothing', only 50 per cent use a password and just 12 per cent encrypt the data to protect it from falling into the wrong hands.