Senior Whitehall heads are to be held personally responsible if their department loses personal information, under new proposals.

Public sector officials, including chief executives of NHS trusts, are to be forced to take data protection "much more seriously" under proposals due to be laid out by Cabinet Secretary Gus O'Donnell.

According to The Times, O'Donnell is expected to publish the findings of a report on data security in the coming weeks. The report was commissioned by the Prime Minister in the wake of the loss of 25 million child benefit claimant records by the HM Revenue and Customs (HMRC) in November 2007.

Speaking at the Infosec conference in London, information commissioner Richard Thomas said O'Donnell's report contains new regulatory guidance and advice.

Thomas, who was seen a draft of the report, revealed new legislation would allow the ICO to conduct unannounced checks on data controllers in Whitehall. "We will be conducting spot checks in Whitehall departments next year".

Thomas said the new measures focused on "issues of accountability and governance", signifying that the heads of departments would be personally responsible in the event of serious data breaches.

"It has to be the likes of chief executives (of NHS trusts) and permanent secretaries who are held accountable when things go wrong," Thomas told delegates at Infosec.

Chief executives will no longer be able to entrust information security to "techies".

The ICO added that prime minister Gordon Brown would announce similar measures for the rest of the public sector, and possibly private companies also.

The Information Commissioner's Office also revealed it had received reports of 94 further data breaches in the past six months since the HMRC incident. Around two-thirds of these were in the public sector.

Nearly a third of the breaches in the public sector, which ranged from "the minor to the very serious", Thomas said, were in central government, while a fifth affected the NHS. Of the breaches in the private sector, more than 50 per cent were in financial institutions.

Related stories:

MPs call for data loss to be made a criminal offence