A "horrifying" number of companies, government departments and other public bodies have breached data protection rules in the past year, a report says. The UK's Information Commissioner Richard Thomas said bosses must take the personal data of both customers and staff seriously. Orange, Barclays and NatWest are three of the firms he has rapped this year. The Ministry of Justice said prison sentences could be given to those who deliberately misuse personal data. Mr Thomas received nearly 24,000 enquiries and complaints about personal information issues in 2006-07. His report said 56.5% of these required only advice and guidance, while a breach was likely to have happened in 35% of cases, of which a further 77% resulted in remedial action. "Frankly these are inexcusable. None of this is really rocket science - security is fundamental," he told BBC Radio 4's Today programme. Main offenders Internet firms generated the most complaints, with 13% of the total. Mr Thomas told the BBC there were concerns about internet search engines which keep detailed histories of each individual's online activity. "We're leaving these electronic footprints right through our lives these days," he said. The annual report also highlighted a recent glitch on the Medical Training Application Service website which left trainee doctors' personal details open to public view. After internet firms, 12% of complaints were about banks, 10% about direct marketing organisations and 7% about telecoms firms. A total of 12 high street banks were guilty of discarding customers' personal details - including bank statements, cut up credit cards and loan applications - in unsecured bins outside their premises, the commissioner found. Meanwhile, staff at an Orange call centre were found to have shared log-ins, meaning customer information could potentially have been accessed by unauthorised workers. And in the public sector, a breach of online security in the Foreign and Commonwealth Office meant that people hoping to come to the UK from India had their personal information visible to others. The Child Support Agency also gave rise to concern over its use of passwords by temporary staff. Respect for privacy "The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying," said Mr Thomas. "My message to those at the top of organisations is to respect the privacy of individuals and the integrity of the information held about them, to embrace data protection positively and to be sure you are not the business or political leader who failed to take information rights seriously." Mr Thomas said he wanted greater powers to check on companies' behaviour, principally the right to carry out an inspection without a firm's permission. But a Ministry of Justice spokeswoman insisted the commissioner "already had adequate powers" and had received additional funding for the past two years. A spokesman for John Lewis said while the public might be concerned, data collected by stores was not used in "customer-specific ways". "It's more about trends and protecting their interests - if there was a fraudulent transaction, picking it up because we have an insight into their sort of habits," he said.