The ICO recognises that SMEs will not have the technical expertise that many larger businesses have at their disposal, it said.
"The absence of a simple security standard and certification process, perhaps including a self-certification mechanism, is a major barrier for SMEs wishing to implement security,
"Many small businesses use personal information, and we recognise that SMEs need practical and concise guidance to help them comply with the law and handle personal information appropriately," it noted.
The watchdog said advice for SMEs is not where they would normally try to find it, and that sites such as Business Link, the British Chambers of Commerce and the Federation of Small Businesses should show visitors the way to other sites containing more comprehensive information.
Small businesses could now be fined up to £500,000 for data security breaches, following a change in the law earlier this year.