New guidelines on systems design will help companies avoid the public relations disaster that engulfed Powergen last week, when the credit card details of thousands of customers appeared on the company's Web site.
The Data Protection Commission is drafting guidelines to address concerns that IT directors are not placing enough emphasis on security and data protection when they specify new IT systems.
"We would hope that when people are designing new systems, whether for Powergen or anyone else, the guidelines will help them consider the risks," said assistant commissioner David Smith.
The guidelines, which will be published by the end of the year, will encourage companies to consider how much information they really need to store on the Internet before they consider the security needed to protect it.
Powergen has agreed to pay its 7,000 online customers £50 compensation and is hiring consultants to review its security policy. The credit card details were discovered on the Powergen Web site by customer John Chamberlain, an IT specialist, on 7 July.
Powergen said the breach was temporary and was caused by a technical error, which had been immediately corrected.