The ruling follows the theft of a laptop in May 2007 which contained unencrypted personal information on 26,000 M&S employees.
An ICO investigation revealed that the laptop, which contained details about pension arrangements, was stolen from the home of an M&S contractor.
The UK data watchdog said that the sensitive nature of the information meant that M&S should have had appropriate encryption measures in place to keep the data secure.
Mick Gorrill, assistant commissioner at the ICO, said: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information.
"The ICO has issued clear guidance to help employers understand their obligations under the Data Protection Act.
"Organisations which process personal information must ensure that information is secure. If organisations fail to introduce safeguards to protect information they risk losing the trust and confidence of employees and customers."
The ICO has issued M&S with an Enforcement Notice which orders the company to ensure that all laptop hard drives are fully encrypted by April 2008.
Failure to comply is a criminal offence and may result in the ICO taking further action against the company.
Allen died from complications of non-Hodgkin's lymphoma
Stanford researchers made the discovery via data from Greenland
Created via a thin, flexible, and transparent hierarchical nanocomposite film
Rolls Royce will use AI powered by Intel's Xeon Gold processors and SSDs for memory