Just under half (49 percent) of consumers believe firms process their data in a fair and proper manner, says the Information Commissioner's Office (ICO).
Furthermore, just over a third (34 percent) said existing laws and practices provide sufficient protection of their data, reports the ICO's Annual Track Survey for 2011. However, when it comes to web-based firms nearly three-quarters (74 percent) believe their data is not being kept secure.
The majority (97 percent) were also about personal details being passed on or sold to other organisations.
The ICO said that while 72 percent of firms know the Data Protection Act (DPA) requires them to keep personal information secure, which is 26 percent up on last year, the number of data security breaches in the private sector has surged by 58 percent since the same time last year.
Information Commissioner, Christopher Graham said: "I'm encouraged that the private sector is waking up to its data protection responsibilities, with unprompted awareness of the Act's principles higher than ever".
"However, the sector does not seem to be putting its knowledge to good use. The fact is that security breaches in the private sector are on the rise, and public confidence in good information handling is declining."
Graham added that it wasn't only the potential £500,000 fine that should encourage firms to keep data secure, but also the damage to their reputation if data is not handled properly.
"Customers will turn away from brands that let them down," he said.
Ross Brewer, vice president and managing director of international markets at LogRhythm, said he was "shocked" that more than one in four firms are unaware of their responsibilities under the DPA.
"Furthermore, just because organisations are aware of their obligations does not mean they are fulfilling them. Regardless of what the DPA requires, the high profile breaches that regularly make the headlines should have made it patently obvious that ensuring data security is not an option.