The Law Commission is to undertake a review of the law surrounding breaches of protected government data.
The investigation, will be chaired by law commissioner for criminal law and evidence professor David Ormerod QC.
The commission is currently discussing the scope and terms of reference with the Cabinet Office, which has commissioned the study.
A government statement said: “The government can use civil and criminal sanctions to manage instances where individuals do not protect government information as they should.
“The Law Commission will research potential improvements to these sanctions and prepare a report for government.”
Currently, the Information Commissioner’s Office takes the lead in taking action against individuals and organisations responsible for data breaches.
Its main tools include issuing undertakings committing an organisation to improve compliance and serving enforcement notices.
The ICO can also serve assessment notices to conduct compulsory audits to assess whether organisations’ processing of personal data follows good practice.
In extreme cases, it can prosecute those committing criminal offences under the Data Protection Act and issue monetary penalty notices of up to £500,000.
The review will begin early next year, with the aim of reporting to by the end of 2016.