Thomas, who was giving evidence to the House of Lords Constitution Committee, said a new criminal offence should be introduced to deter companies that "knowingly and recklessly" abuse the Data Protection Act.
Among the businesses and sectors singled out by Thomas for collecting excessive amounts of personal data were Google, Facebook, the financial services industry, and the travel and insurance sectors.
He added, data sharing between the police, passport, health, emergency and intelligence services needed to be proportionate, but warned that the "quite staggering" amounts of information collected on individuals by the private sector could lead to an "information sharing free-for-all".
According to the ICO's most recent research, 94% of people are concerned about the way organisations sell their personal details on to other companies without their permission, while around 60% believe they no longer have control over where sensitive data ends up.
Thomas said: "Credit reference companies, airlines, travel companies, Google -- [they] all collect data, while on Facebook the amount of information shared and passed around is quite staggering.
"The police and security services can see the benefits of data sharing, but there are substantial dangers in an information sharing free-for-all. Primarily the data collected should be used for the purposes for which it was originally collected."
The ICO's most recent report on data protection found 9 out of 10 individuals were worried organisations failed to protect their personal information, but that there had been a 16% point rise, to 90% in the last three years, in the proportion of people who are aware that they have a right to see the data that companies hold about them.
Thomas warned that companies failing to keep personal information secure not only risked losing public trust but "enforcement action" by his office.