Sir Gus pledged a cultural change in data security
Tougher rules aimed at keeping people's personal records private are to be introduced in government departments.
Civil service chief Sir Gus O'Donnell said there had to be a "fundamental change in culture" among staff handling people's personal information.
Compulsory annual training and spot checks on data security are among changes outlined by a review.
It comes as a separate review says the loss of 25m people's data by HM Revenue and Customs was "entirely avoidable".
Announcing the results of a review into information handling by government departments, Sir Gus said much had already been done - but more had to be done to "restore public faith in the government's ability to handle personal information safely".
That came under question after HMRC sent two discs containing the entire Child Benefit database to the National Audit Office unregistered and unencrypted last October - they have not been found.
It prompted fears that criminals could fraudulently use personal details on the discs, including addresses, bank accounts and National Insurance numbers.
Since then new guidelines have been issued on the handling of sensitive data, 90,000 staff at HMRC have been given extra security training and 20,000 Ministry of Defence laptops have been encrypted, Sir Gus said.
The new changes include new "mandatory minimum measures" across all departments - including encryption and compulsory testing of security systems by independent experts.
They also include "cultural change" - with annual training for everyone who handles personal data and privacy impact assessments - something recommended by the information commissioner.
There will also be stronger data security roles - so staff know who is responsible - and tighter scrutiny as departments' reports are checked by the National Audit Office and there will be spot checks by the information commissioner.
Sir Gus said: "Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure that the public can be assured we are taking the necessary measures to keep people's data secure."