Ministers are proposing to keep details of all phone calls in a giant database
Bosses must stop leaving data security to the "IT boys" and other staff and take responsibility themselves, the UK's information watchdog has said.
Many did not understand the risks of storing personal data, said Information Commissioner Richard Thomas.
They had to realise that it could be a "toxic liability" as well as an asset to an organisation, he added.
Mr Thomas is currently investigating 30 "serious" breaches of data protection law by the government and other bodies.
But he said a lot of data losses went unreported and some organisations were not even aware that it had gone missing.
"It's often said that personal data is an asset for an organisation, we are saying it can be a toxic liability. There are many risks associated with holding information," he told BBC Radio 4's Today programme.
"There has been too much sloppiness, too much lack of awareness, of the risks of holding information and we are saying, really this is a matter for the top board, the chief executive of an organisation.
"It's no good saying the IT boys are looking after this, it's no good saying the lawyers are sorting out the policies, it's no good saying human resources are doing the training - it's right across the organisation.
"Computing power is so strong these days that many bosses don't simply understand what are the risks they are facing."
He said organisations should tighten up their policies, encrypt laptops, improve supervision and buy software that prevented large amounts of data from being downloaded "all at one time".
"Things will inevitably go wrong, therefore you should plan for things going wrong," he told Today.
He said progress was being made but added: "We are still a long way from saying we have got a tighter grip on the management of personal data."
In a speech later at the Royal Society of Arts in London, Mr Thomas will urge companies and other organisations to hold the least amount of data possible and warn they should face tougher penalties when any is mishandled.
He will also warn that creating giant databases of personal information would carry "significant risks" for the UK.
The government has recently defended a proposal to create a huge database recording all internet and telephone traffic.
Opposition parties have criticised the plan which could see details of every phone call, e-mail and text message sent in the UK recorded and kept for two years.
"The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he will say.
"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.
"The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.
"Put simply, holding huge collections of personal data brings significant risks."
The speech will come as new figures show that reports of data loss are increasing.
About 100 incidents were reported to the commissioner's office in the six months from November last year. The total for the year to date is 277.
The NHS is one of the worst offenders, reporting 65 incidents in total, including 27 computers lost or stolen.
However, the real figures are likely to be much higher, because there is currently no legal obligation to report data losses.
There have been a string of high-profile data losses in recent months.
Earlier this month, a computer hard drive containing the personal details of about 100,000 members of the armed forces was reported missing during an audit carried out by IT contractor EDS.
And last year, HM Revenue and Customs lost a disc containing the names, addresses, dates of birth and bank account details of up to 25 million people claiming child benefit.