Less than 77% of organisations have established policies that cover electronics records, according to a report by information services firm Iron Mountain.
In contrast, 80% of 3,500 organisations surveyed in the US and elsewhere have firm policies for managing physical records, said the report released on 28 January to mark international Data Privacy Day.
"This is an appalling indictment of the state of corporate data protection," said Andy Cordial, managing director at Origin Storage.
Failure to protect data effectively is unacceptable from a legal and regulatory point of view, he said.
The risk is made even greater by the explosive growth of electronic information, growing consumer concern about data protection and increased regulation, the report said.
"Managing records is about managing risk," said Bob Brennan, president and chief executive at Iron Mountain.
Organisations that understand this have developed enterprise-wide programmes to ensure they comply with increasing regulatory requirements, he said.
Origin's Cordial said firms that take a serious attitude towards encryption, are typically the most responsible when it comes to security policies.
"And those that don't take a serious approach to the issue also tend to get hit by legal action and regulatory fines," he said.