Data breaches carry heavy cost

06.02.2009

According to Ponemon, US breaches cost companies an average of $202 (£142) for every data record lost in 2008. As with the UK, the most costly factor was loss of business.

"The growth in lost business costs demonstrates consumers do not take a breach of their trust and privacy lightly and have not become desensitised to the issue," the study said.

Two industries suffered the worst backlash from consumers. The churn rate -- that is, the rate at which people changed their provider -- was 6.5 per cent for health care and 5.5 per cent for financial services, the study found.

So far, about 44 US states have data-loss notification laws, but the laws can vary widely. For example, some companies do not have to tell customers if data is scrambled with 128-bit encryption or if the breach was stopped before information was wrongly acquired.

Last month, the ITRC found that more than 35 million data records were breached in 2008 in the US, a record number. The majority of the lost data was neither encrypted nor protected by a password, it found. The ITRC counted 656 breaches in 2008 from a range of well-known US companies and government entities. That was 47 per cent more incidents than the 446 breaches in 2007.