A small-scale survey of financial firms including banks and insurance companies by the Financial Services Authority (FSA) found that nearly half of respondents offered no data security training for staff.
Failings such as sending unprotected customer details through the post and not vetting junior staff with access to large pools of data were also discovered.
The actions came despite a series of security breaches, including last year's HM Revenues and Customs' loss of computer discs containing the details of 25 million people.
And earlier this month banking giant HSBC admitted losing a disc containing details of 370,000 customers.
Philip Robinson, the FSA's director of financial crime and intelligence, said: "It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously.
"Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe."
He added: "Firms getting data security right is a key priority and we expect the industry to raise its standards."
The FSA surveyed 39 firms including banks and insurance companies.
Tweet
