The UK government will hear calls at this year's Infosec security
conference to introduce legislation forcing organisations adequately
to protect the data they hold on customers and UK citizens.
Gary Clark, vice president of SafeNet in EMEA, will point out that public
sector and private companies have lost nearly 40 million items of sensitive data
in the past year, including names, addresses, patient records and bank account
details.
If allowed to continue unabated, Clark reckons that the high rate of
sensitive data loss could see identity fraud escalate to an unforeseen level.
The proposed legislation would force private and public sector organisations
to identify process weaknesses, adopt robust security standards and encrypt all
sensitive data.
Those organisations found in breach of the standards could face fines and
possibly criminal charges.
"The UK public should be able to rely on organisations, such as banks and
government departments, to take care of their sensitive details," said Clark.
"However, given the stream of recent data loss disasters, it is clear that
the typical approach to protecting this data is not good enough."
UK fraud prevention service CIFAS said that there were 77,500 reported cases
of identity fraud in Britain in 2007, costing more than £1.5bn annually. Both these
figures are likely to be much higher in 2008.
"Couriers losing discs or laptops containing unencrypted data is
unacceptable, especially as the technology and the knowledge exist to prevent
this happening," added Clark.
"It is not surprising that the public's trust is wavering, and taking serious
legislative steps is the only way to rebuild it and stem the data loss flow."