Civil servants dealing with personal data will be forced to take annual training following the fiasco surrounding the loss of personal details of 25m child benefits claimants.

The move, described as a change in culture, comes as one of the changes announced in cabinet secretary Sir Gus O’Donnell’s review of information security in government.

Action already taken to improve data security includes 90,000 employees at HMRC being given additional security training.

The cabinet secretary said: “Recent data losses and thefts have underlined the need for urgent action to improve data protection right across government and to bring about a fundamental change in culture among those who are entrusted with the public’s personal records.

“Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure that the public can be assured we are taking the necessary measures to keep people’s data secure.”

Other changes include privacy impact assessments, encryption and compulsory testing, stronger accountability with clear lines of responsibility, scrutiny by the National Audit Office and spot checks by the Information Commission.

The review took place alongside two independent inquiries: the Poynter Review looking at the circumstances of the child benefit disk loss and the Burton Review of the Ministry of Defence laptop loss earlier this year.

In addition, following the two occasions of top security documents being left on trains, Sir David Omand and the cabinet secretary are both examining the handling of high security printed documents.