Large private sector companies are lagging behind the public sector on their knowledge of data protection, according to the Information Commissioner's Office.
Security industry representatives say that in many cases the same is true when it comes to cyber security.
Just under half of private sector firms said that they should store personal information securely, compared with 60% of public sector organisations, an ICO survey found.
Overall awareness of five of the eight data protection principles increased between 2009 and 2010, but the survey revealed that levels of awareness are still higher in the public sector than among private sector organisations.
Newly-published figures show that information rights remain a high social concern among members of the public.
More than 90% of individuals ranked protecting personal information as a socially important issue. Only preventing crime ranked higher at 93%.
Nearly 90% of respondents were aware that they have a right to see the information that a company or an organisation holds about them, a 15% increase since 2004.
When prompted, 84% of individuals surveyed also knew that they had a right to request information held by public authorities under the Freedom of Information Act.
Information commissioner Christopher Graham said a strong awareness of data protection obligations is of fundamental importance to any organisation.
"Businesses need to show they are taking data protection seriously. Failing to do so could not only lead to enforcement action, it could also do significant damage to their reputation," he said.
According to Graham, there is a link between satisfied customers and good handling of personal information.
"Our research shows that almost all of the individuals surveyed are concerned about the collection and secure storage of their personal information. Ignoring data protection obligations is ignoring a key customer concern," he said.
This is supported by the latest Unisys Security Index, which found that nearly one in 10 people in the UK admits switching banks or retailers because of concerns about privacy and identity protection.