It seems that not a day goes by without news about lost or stolen personal data.

Some of the most widely reported breaches involve personal data collected and stored on company networks. Crackers recently stole credit and debit information from a BJ’s Wholesale Club customer database, and in another incident, accessed the credit card, debit card and checking account information of more than 1.4 million customers of DSW, a shoe discounter.

The problem is not limited to individual corporations. Data aggregators such as Acxiom, ChoicePoint and LexisNexis collect and sell personal information on virtually every American. At one time or another, each of these companies has had to notify hundreds of thousands of individuals across the country that their personal information was accessed by unauthorized individuals. The Federal Trade Commission recently fined ChoicePoint $15 million after it sold sensitive personal information to con artists who then used the data for fraudulent purposes.

Yet despite growing concerns about privacy and the security of personal data, most American companies still collect too much personal information from their customers without giving them a choice on how this data is used, shared, sold or retained.

Opt-Out, Opt-In—Same Difference

Indeed, just over half of large U.S.-based companies offer an opt-out choice to customers, according to a new study by the Ponemon Institute (the company I founded). And even fewer companies—23 percent—operate on a consent or opt-in approach. (With an opt-in policy, companies will not collect personal information unless their customers specifically consent or opt in.)

Even if companies do offer opt-out, it can be a very frustrating experience—much like calling customer service at your telephone company to complain about their billing error. And there is no guarantee that personal information will actually be stricken from the company’s customer contact database. Not only are Americans increasingly worried their personal data may fall into the wrong hands but they are also becoming more anxious about omnipresent surveillance of their personal lives by the government. In January, the Ponemon Institute conducted a survey on whether search engine Google should release Internet search information to the federal government. More than 56 percent of respondents in our study said that Google should not release Web search information to the government.

Some recent surveys indicate that privacy concerns are behind the recent plateau in the numbers of people who bank online. And privacy experts say that they foresee an increasing number of lawsuits against corporations from angry consumers whose personal data has been breached. Recent government enforcement actions have also raised the bar for companies. In its ruling against DSW, the FTC required the shoe retailer to establish a comprehensive information security program that includes administrative, technical and physical safeguards.