France, speaking to an audience of IT directors and MPs, said that it was no longer acceptable for businesses and public bodies to claim ignorance of data protection principles that had been in force since 1984.
While describing her powers as "cumbersome", France warned that a review was under way at the Information Commission, which could lead to the introduction of stronger enforcement powers.
A new European telecoms directive could provide ministers with the opportunity to strengthen the commission's hand in some areas of enforcement, if they were convinced of the need to do so, she said.
The commission is dealing with a deluge of complaints against organisations that send out unsolicited junk faxes. It has also intervened over the Home Office's plans to use the Police National Computer as the basis of a criminal records certificate, because of concerns over the poor quality of data it holds.
Data protection can no longer be left to IT departments alone, France warned, but must be part of the whole business strategy.
Ignorance of the data legislation appears to be receding - 84% of IT managers who responded to this week's Computer Weekly/Harvey Nash Big Question said their organisation is aware of how these laws determine the way they conduct business activities such as monitoring e-mail and storing personal data.