The Information Commissioner's Office (ICO) has found Kent Police in breach of the Data Protection Act.
Documents containing confidential personal information were stolen from a police officer's car while it was parked overnight at a residential address.
The information was passed to a local police station after being found the following day in a nearby street by a member of the public.
An ICO investigation found that the officer had not used his secure briefcase to transport the papers, nor had he been provided with a secure storage facility at his home.
The investigation concluded that Kent Police's policies and procedures regarding the transportation and storage of personal information away from the office needed to be improved.
Adrian Leppard, temporary chief constable of Kent Police, has now signed a formal undertaking to ensure that staff whose roles require them to have access to confidential information outside the office are provided with secure transportation and storage facilities.
The policies covering the transportation, storage and use of personal and protectively marked information will also be clarified, and all staff will be made aware of their requirements.
"It is essential that police forces ensure the correct safeguards are in place when storing and transferring personal information, especially when it concerns highly confidential information," said Sally-anne Poole, enforcement group manager at the ICO.
A lack of awareness of data protection requirements can lead to personal information falling into the wrong hands, she said.