The Information Commissioner's Office has published the details of the first fines that it has issued since gaining the power to do so in April 2010.
However some experts have pointed out that the damaged sought out, £100000 for the Hertfordshire County Council and £60,000 from A4e are only a fraction of the maximum £500,000 fine that the law allows.
The second case, in particular, was highlighted as one where the ICO should have been more forceful. As Computerweekly pointed out, A4e is company that has annual revenues of £145 million and yet has been charged £2.50 for each record lost.
The laptop, which was stolen from an employee house, contained sensitive information that was unencrypted and, if wrongly used, could cause very serious distress to those concerned.
The Information Commissioner, Christopher Graham, did not reveal why the company was only fined £60,000 or if the ICO plans to carry out audits in the near future - as in Google's case - to determine whether the either A4e or Hertfordshire County Council have implemented additional checks to make sure that the incidents do not happen again.