Human error is the cause of 93% of breaches – as employees are commonly emailing, faxing or posting confidential data to the wrong person.
Financial advisers saw a 44% increase in data breaches over the same period.
The figures come from the Information Commissioner’s Office after Egress Software Technology made a Freedom of Information Act request.
Tony Pepper, chief executive of Egress, said: “We will never be able to completely rule out people making mistakes but clearly safeguards are urgently needed.
“Confusion can often put confidential data at risk, with users unsure of when and how to encrypt.
“Similarly, a continued reliance on fax and post demonstrates a disturbing lack of care and control taken to sensitive information.”
He added: “Organisations need to make data protection a priority.
“Where possible, fax and post must be replaced by secure electronic communication that is procured in its own right.”
Fines made by the ICO for breaching the Data Protection Act total at £6.7m since 2010.
Of this figure £5.1m comes from mistakes, as £600,000 has been issued for data being emailed to the wrong recipient, £320,000 for individuals using the wrong fax number and £170,000 for getting the wrong postal address.
Other common data breaches come from sensitive information being posted on publicly available websites.
Pepper said: “There should be a subsequent call to action within the Private Sector to address areas of concern and gaps in data protection, enhancing the services they provide to clients and their reputation within their markets.”