The laptop, which contained names, dates of birth, national insurance numbers and investment amounts, was stolen from a Skipton contractor at a gym in December.
The ICO said that Skipton should have had appropriate encryption measures in place to keep the data secure.
Skipton has now signed a legal document agreeing to ensure the security of personal data in the future.
Sensitive information held on laptop computers either by Skipton or one of its contractors must be encrypted to provide effective protection against unauthorised access. Skipton has also agreed to ensure that risk assessments are carried out where third parties are processing data on its behalf.
Mick Gorrill, assistant commissioner at the ICO, said: "It is not always possible to prevent the theft of mobile devices such as laptops, but it is possible to minimise the damage caused by such losses. Companies must introduce adequate security procedures and safeguards, for example password protection and encryption, to protect personal information before it is allowed to leave the premises on a laptop."
Last year, Gordon Brown announced that the ICO would be given increased powers to conduct spot checks of government departments. The information commissioner has called for these powers to be extended to cover all public bodies and private sector organisations.