His comments come in the wake of a number of security breaches reported to the Information Commissioner's Office in the last six months.
Thomas said: "It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring.
"The government, banks and other organisations need to regain the public's trust by being far more careful with people's personal information."
Since the data protection failure at HMRC in November, the ICO has been notified of nearly 100 data breaches by public, private and third sector organisations -- with data carried in unencrypted laptops, on computer discs, memory sticks and on paper going missing.
Information has been lost by a variety of means, including through theft, in the post and during transit with couriers. Missing data included highly personal financial and health records.
Half of the security breaches reported to the ICO were done so by financial institutions and of those reported by public bodies, almost a third were breaches in central government and associated agencies, and a fifth in NHS bodies.
Thomas said: "Once again, I urge business and public sector leaders to make data protection a priority in their organisation.
"The level of understanding about data protection and the need to safeguard people's personal information have no doubt increased and I am encouraged that more chief executives and permanent secretaries appear to be taking data protection more seriously, but the evidence shows that more must be done to eradicate inexcusable security breaches."
The ICO recently published guidance on how organisations should deal with security breaches. It can be downloaded from .