The ATL lost a laptop and memory stick containing the personal details of over 6,000 members of the education union.
No details of members’ bank accounts or other financial details were held on the laptop or memory stick, the union said.
Both devices, which were password protected but not encrypted, were lost or stolen while an ATL member was packing his car.
ATL general secretary Mary Bousted has signed an undertaking to ensure that all portable storage devices used for personal details are encrypted by 28 February 2010.
Organisations should prevent staff from downloading large amounts of personal data, said Sally-Anne Poole, head of enforcement at the ICO.
"It is vital that portable devices are encrypted if they are used to store personal information," she said.
In January, the ICO warned that organisations may face tougher sanctions if they fail to report security breaches that later come to light.
Firms that incur serious data breaches could be fined up to £500,000 when new statutory guidelines come into force on 6 April.
According to the ICO, over 800 data security breaches have been reported in the past two years.