"Many people said the ICO would not have the guts to fine a local authority in the midst of economic trouble. It tells us something about his guts and his appetite," Room told IT PRO.
"In one fell swoop he has shown the ICO is one of the strongest [data protection bodies] in Europe."
As the fines were not close to 500,000 limit, Room said it is likely more hefty monetary penalties are in the pipeline.
However, Room said he was against the use of a cap, comparing the fines to the 2.27 million Zurich was told to pay earlier this year for losing data that was "arguably less important."
Nevertheless, the fines should have a positive impact on businesses, Room added.
"It should have a deterrent effect. It would be perverse if it didn't," he added.
Mark Fullbrook, director UK and Ireland at Privileged Identity Management (PIM) and information security expert at Cyber-Ark, agreed firms may now wake up to the need for proper data protection.
"Today's news should hopefully serve as a wake-up call for all those that have ignored this ticking time bomb for so long," Fullbrook said.
"The products are out there, so organisations need to get wise or risk the wrath of an ICO eager to flex its muscles."
Ed Macnair, chief executive (CEO) of Overtis, suggested the fines were not substantial enough, even though they may appear to be tough.
"At first glance this looks like the ICO has real teeth. However, in the case of the stolen laptop, the penalty is less than 3 for each lost record," Macnair said.
"When you consider the fact that A4e is a 145 million company, the breach has had a higher impact on the 24,000 individuals whose confidential information has been lost."
"Similarly, this council had clearly not learned from the first devastating security breach and continued to use the same insecure channel for sharing highly sensitive information," he added.
