The UK's Information Commissioner has called on chief executives to clamp down on "careless and inexcusable" breaches of personal information.

Richard Thomas said in the 2006/07 annual report (PDF) from the Information Commissioner's Office (ICO) that the UK has suffered unacceptable security breaches over the past year, involving leading names such as Orange and several high street banks. 

"Over the past year we have seen far too many careless and inexcusable breaches of people's personal information," said Thomas.

"The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."

In February alone the ICO found Alliance & Leicester, Barclays Bank, Clydesdale Bank, Co-operative Bank, HBOS, HFC Bank, Nationwide Building Society, Natwest, Royal Bank of Scotland, Scarborough Building Society, The Post Office and United National Bank in breach of the Data Protection Act and ordered them to sign formal undertakings.

Information stolen as a result of poor data security practices can be used in identity fraud and theft, which is currently costing the UK £1.7bn a year.

The ICO received almost 24,000 enquiries and complaints concerning personal information in 2006/7.

As a result it prosecuted 16 individuals and organisations in the past 12 months and two parliamentary inquiries have started following the Commissioner's call for a debate on the UK's 'surveillance society'.

The public's awareness of data protection rights has risen to an all-time high of 82 per cent, and an increasing number of people understand that personal information must be handled appropriately.

"Business and public sector leaders must take their data protection obligations more seriously. The majority of organisations process personal information appropriately, but privacy must be given more priority in every UK boardroom," warned Thomas.

"Organisations that fail to process personal information in line with the Principles of the Data Protection Act risk enforcement action by the ICO and losing the trust of their customers."

The Information Commissioner has called for stronger audit and inspection powers for his office to ensure that personal information stays private.

Currently the ICO can only audit organisations' information handling practices with their consent. The Commissioner wants the right to inspect and audit practices where poor practice is suspected.