Almost two-thirds of London's city workers are unaware that businesses can be fined up to £500,000 for serious data breaches after 6 April, a survey has revealed.
The fines are part of new powers granted to the Information Commissioner's Office that were confirmed in January to help enforce UK data protection laws.
Some 65% of the 500 city workers polled by security firm Cyber-Ark Software said they have not been informed of the new fines for breaches of personal data.
"People increasingly understand the need to protect their data, but for some reason it is not always top of the CISO's priority list - and it should be," said Adam Bosnian, vice president of products and strategy at Cyber-Ark.
One of the biggest areas of risk is the mobile device, the survey revealed, with 64% of those polled carrying customer data on them, yet 38% admitting to doing "nothing" to protect that information.
Only 50% use a password and just 12% encrypt this information to prevent it falling into the wrong hands.
"This will delight the hacking community as many know it only takes minutes to crack most people's passwords," said Bosnian.
In addition to educating people with access to privileged data to be more responsible with it, organisations need to control privileged users and accounts, he said.
"By having the tools to manage who has access to what data and to keep track of what they do with it, organisations can regain control," he said.
Education and control are essential to protecting information and avoiding the hefty fines that will come into force on 6 April, he said.