The Information Commissioner's Office (ICO) has received over 1,000 reports of data breaches or losses since it was set up, and has issued a stern reminder that organisations must ensure that data is well protected.
Deputy commissioner David Smith said that the majority of the losses were the result of human error, and that companies need "extra vigilance" to stop data ending up in the wrong hands.
"Staff must be adequately trained in the value of personal information and how to protect it," he said.
"Organisations should have clear security and disclosure procedures that staff can understand, and these should be properly implemented and followed by staff."
The NHS remains the biggest culprit with 305 reported incidents of lost or stolen data, followed by the private sector with 288 incidents. Details of all incidents are available in the ICO Security Breaches Report (PDF).
Smith also pointed companies to the ICO Data Protection Guide, which includes tips for avoiding wrongful disclosure.
However, Chris McIntosh, chief executive at encryption firm Stonewood, suggested that merely prompting organisations to train staff is not enough, and could leave employees facing the blame for any future losses.
"Organisations can say that they are putting into effect firm policies to protect data, but this report shows that, unless they match this with positive action, they will be doing nothing more than shifting the burden of responsibility onto employees," he said.
"It will be interesting to see what reaction there is to this report."
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display