The Information Commissioner's Office (ICO) has found the West Berkshire Council in breach of the Data Protection Act (DPA).
The council lost a USB stick containing personal information about children and young people.
The memory stick, which was unencrypted and not password protected, contained, among other things, information relating to the ethnicity and physical or mental health of the children.
The ICO found that unencrypted devices, in operation before the council introduced encrypted memory sticks in 2006, were still being used by members of staff.
The ICO also found that staff had not received appropriate training in data protection issues and monitoring of compliance with the council's policies was found to be inadequate.
This is the second data security incident reported by West Berkshire Council within six months.
Nick Carter, chief executive of West Berkshire Council, has now signed a formal Undertaking to ensure that portable and mobile devices used to store and transmit personal data are encrypted.
Staff will also be made fully aware of the council's policy for the storage of personal data and receive appropriate training on data protection and IT security issues.
Sally-anne Poole, Enforcement Group manager at the ICO, said, 'It is essential that organisations ensure the correct safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children.'
"A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands. I am aware that staff have been provided with encrypted USB sticks since 2006, but older devices were not recalled. I am pleased that the council has now taken action to prevent further data breaches," she said.