Businesses remain very overconfident about security, according to an extensive study on their practices.
The report, which interviewed 5,500 executives and 15,500 consumers globally, found a "startling" difference between firms' intentions on customer data privacy and the steps they take in practice. The study was commissioned by IT services firm Accenture.
Nearly three quarters, 73 percent, of firms believe they have adequate policies and technology in place to protect sensitive data, but 58 percent have lost sensitive data in the past two years. Six in 10 say it is a continually reoccurring problem.
In the UK alone, 76 percent of firms have suffered data breaches, yet 74 percent are convinced they have the right policies in place.
A separate report last year by researchers the Ponemon Institute found that data breaches cost companies an average of $6.6 billion (£4.3 billion).
Seventy percent of businesses acknowledged their obligation to take "reasonable steps" to protect the information, but many were unwilling to allow customers a say in where it is sent or how it is used.
Some 45 percent were unsure or disagreed with letting customers control what is collected, and 47 percent were not certain that customers should be able to control how the data is used. A similar proportion were not clear that limiting cross border data transfers, to countries with lesser privacy laws, was necessary. But over half of those businesses surveyed said they outsourced data processing and collection.
The results would likely disappoint many consumers, of whom over half said they had the right to control the usage of their data. But some 41 percent laid responsibility for data control with the government, not just the businesses themselves. In the UK, 49 percent of consumers said privacy was most important when making credit card purchases.
In the report, Accenture advised businesses to look more widely than simply the regulation, examining "all of the ways in which data is generated and collected". They should also create clear rules on data protection, it said, and create a strong culture of security and respect for customers' data.