The City watchdog has said it is concerned that firms have not heeded warnings following a raft of high-profile data security blunders.
A small-scale survey of financial firms including banks and insurance companies by the Financial Services Authority (FSA) found that nearly half of respondents offered no data security training for staff.
Failings such as sending unprotected customer details through the post and not vetting junior staff with access to large pools of data were also discovered.
The actions came despite a series of security breaches, including last year's HM Revenues and Customs' loss of computer discs containing the details of 25 million people. And earlier this month banking giant HSBC admitted losing a disc from its Southampton office containing details of 370,000 customers.
Philip Robinson, the FSA's director of financial crime and intelligence, said: "It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously.
"Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe."
He added: "Firms getting data security right is a key priority for the FSA and we expect the industry to raise its standards."
The survey found that nearly half of the firms visited offered no data security training at all, with another quarter asked staff to certify they had read the policy but did not test their understanding.
Firms' vetting of staff was also variable, the FSA said. Most stringent checks were applied to senior staff but there was "little consideration of the risk that junior staff with access to large volumes of customer data may facilitate financial crime."
Read More
Large firms spent too much focus on IT controls and not enough on office procedures, monitoring and due diligence, it added. Compilers said medium-sized and small firms were the worst offenders for data security.
