Private data has been lost by or stolen from UK local councils more than 1,000 times since 2008, a report says.
The data included details relating to children and vulnerable people in care, campaign group Big Brother Watch said.
Some 132 authorities said they had had a total of 1,035 cases of data loss or theft between 2008 and 2011.
The Information Commissioner said it was vital councils kept data secure. The Local Government Association for England and Wales declined to comment.
Big Brother Watch director Nick Pickles said the research – based on answers to freedom of information requests – showed a “shockingly lax attitude” to protection of confidential information by some councils.
Some 263 councils reported no losses, while a further 38 did not respond.
The report revealed that information about at least 3,100 children and young people was compromised in 118 cases.
Lost ‘in street’
At least 244 laptops and portable computers, 98 memory sticks and 93 mobile devices went missing.
Only 55 incidents were reported to the Information Commissioner’s Office (ICO) and only nine people lost their jobs as a result, according to the councils which responded.
Buckinghamshire and Kent reported the most data loss incidents with 72 cases each, followed by Essex with 62 and Northamptonshire with 48.
Cases included scanned case notes belonging to Kent council being found on Facebook and an unencrypted memory stick containing childcare data lost on a Durham street.
In Birmingham, one lost USB stick included the names, addresses, contact details, tenancy type and ethnic origin of 64,000 tenants. In that case, the member of staff was suspended and later resigned.
Mr Pickles said: “This research highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils.
“The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting the privacy of their service users and local residents.
“Despite having access to increasing amounts of data and being responsible for even more services, local authorities are simply not able to say our personal information is safe with them.”
New powers
The ICO has called for new powers to carry out compulsory audits in the local government sector.
An ICO spokesman said: “It’s vital that local authorities properly live up to their legal responsibility to keep personal data secure, particularly where it is sensitive information about children and young people.
“Our concern isn’t just that councils have the right policies and procedures in place; it’s about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature.
“We’re calling for powers to conduct compulsory audits in the local government sector and will this week submit a formal business case to the Ministry of Justice asking the government to give us such powers.”
Local government minister Grant Shapps welcomed the report saying it “reinforces the need for steps to protect the privacy of law-abiding local residents”.
In October, MPs on the justice select committee called for tougher personal data abuse laws, suggesting courts should have the power to jail people who breach the Data Protection Act.