Organisations that lose sensitive data could be fined up to £500,000 by the Information Commissioner's Office.

Secretary of State for Justice, Jack Straw, has already approved the penalties for those who break the Data Protection Act.

Fines will be determined by an investigation into the data loss that will take into account whether the loss was accidental, the effect the leak had, and the size and financial position of the organisation.

"These penalties are designed to act as a deterrent," Information Commissioner Christopher Graham said.

"When things go wrong, a security breach can cause real harm and great distress to thousands of people. I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."

The new penalties are expected to come into force on April 6 this year.

Chris McIntosh, CEO of hardware encryption specialists Stonewood, said the new penalties showed the government is taking data loss seriously, but there is still a long way to go.

"Given the potential damage in terms of reputation and finances a data loss or breach could cause, businesses must realise just how serious the need to protect data is," McIntosh said.

"Considering it only costs around £200 to encrypt a hard drive and the cost of a breach can now be anything up to half a million pounds in fines alone, it really is in everyone's interest to protect the data that they hold."