The NHS is the country's worst offender in terms of losing citizens' personal information, but HM Revenue & Customs is responsible for the single biggest data breach, the Information Commissioner's Office has said.
The ICO said more than 1,000 data breaches had been reported to it, many of which were the result of human or technical error. Mistakes included staff disclosing personal details to the wrong people and automated machines that send letters to the wrong addresses. Loss or theft of hardware made up more than half of breaches.
This week, HMRC apologised for sending the personal details of 50,000 taxpayers to the wrong people.
An ICO spokesman said the regulator had not yet prosecuted a firm under new powers that enable it to levy fines of up to £500,000 per breach.
He said in aggregate the NHS had lost more people's data, but the HMRC's loss of two compact discs that contained personal details of 27 million child benefits claimants was the biggest single breach.
Deputy information commissioner David Smith said better staff training was needed to reduce data losses.