'Be prepared' for security breaches
THE Information Commissioner's Office recommends that organisations have a management plan ready in case there is a breach of data security.
The ICO, headed by Richard Thomas, said that as well as an investigation there should also be "damage limitation" using legal and IT specialists.
This team should then decide who needs to be aware of the lost data and what they need to do to get it back.
The ICO says backing up data is a good idea, as well as using IT systems which show when someone else is trying to get access to it.
The commissioner also says it's vitally important to work out how many people would be affected by a breach and what legal problems might arise from this.
The next step is to work out how the breach happened and if this is a result of "systemic or ongoing" problems. The ICO should be notified if there is a loss of personal data but local authorities don't have a legal duty.
The British Standards Institute and the Department for Business, Enterprise and Regulatory Reform have both produced guides and checklists for organisations on handling personal data securely.
They say someone should have responsibility for keeping the information safe, which will include regularly reviewing security.
This will be mainly in offices but the person with responsibility is also meant to check if data being taken out and about is transported securely.
The International Information Security Standard, which Devon County Council hopes to subscribe to, is run by the British Standards Institute.






