Chief executives should be held responsible for data breaches, according to
the results of a new vnunet.com poll.
Despite high-profile incidents such as the TK Maxx data breach and HM Revenue
& Customs' (HMRC's) two lost CDs, it is clear that many organisations still
have a lax approach to protecting customer details as data losses continue to
occur on an alarmingly regular basis. We polled vnunet.com readers on what
would be the best approach to ensuring firms take personal data security
seriously.
Of the almost 500 readers who responded, 43 per cent (208 respondents) felt
that the buck should stop at the very top with chief executives being held
directly responsible for data breaches. Measures suggested in the past have
included prison time or personal fines.
Almost a third of readers preferred the idea of hitting firms where it really
hurts – in the wallet. Thirty-two per cent (153 respondents) said slapping fines
on organisations that lose customer details was the best approach to forcing
improvements to data protection.
A smaller proportion favoured a legal approach: 16 per cent (78 respondents)
called for the introduction of US-style data breach rules, which oblige firms to
notify customers of any security lapses that could put them at risk.
Somewhat surprisingly, the option of customers voting with their feet gained
little traction among readers. Only nine per cent (44 respondents) felt that
boycotting firms with poor security records would have an impact.
As part of the government response to the ongoing issue of data breaches,
this week it was revealed that Information Commissioner Richard Thomas has been
granted new powers to help prevent further data losses.
Meanwhile, this month marks the one-year anniversary of the HMRC data breach,
details of which first surfaced on 20 November 2007. It was this breach that
proved the catalyst for the huge public sector data protection shake-up of the
past year.