Nearly three-quarters of organisations believe they have adequate data protection policies, but more 58% have lost sensitive data in the past two years, a survey has revealed.
Nearly 60% of respondents acknowledge that loss of sensitive data is a recurring problem, according to the survey of more than 5,500 business leaders by the Ponemon Institute for IT services firm Accenture.
Internal issues such as errant employees and business or system failures were cited most often as the cause of security breaches.
Almost 70% of respondents regularly monitor compliance requirements, which shows keeping up with regulations is not enough, the survey report said.
Some 70% of organisations agreed they had an obligation to secure customers' personal information.
But 45% were unsure or disagreed about allowing customers access to information collected, and 47% were unsure or disagreed about allowing customers to control how information is used.
Nearly half did not believe it was important to limit the collection or sharing of sensitive personal customer information, protect privacy rights and prevent loss or theft of data.
In contrast, more than half of 15,500 consumers surveyed felt they have the right to review information collected about them and control the way that information is used.
Most consumers (41%) said government has the greatest responsibility for ensuring information is protected, followed by companies (21%) and the individual (19%), but 20% said it should be a shared effort.
If data protection is focused on regulatory compliance, it should be replaced with a broader approach that takes into account all data collection, the report said.
Organisations should create a set of global privacy and protection standards and create a culture of caring with regard to data privacy protection, the report said.
Improved data protection will lower risk of fines and damage to reputation, which will help attract and retain customers, the report said.