Or is it simply lip service? Because the letters that come to my lips are TJX.A company called Tablus, which markets a data security system called Content Sentinel, released the results of a survey it sponsored among 400 consumers that purports to show the indignation customers have against companies that expose personal data to security breaches.

"This survey shows how essential content protection is to an organization, not just from an IT perspective, but from the value a brand has in the public eye," said David Puglia, VP of marketing for Tablus, in a statement.

According to Tablus;

* 96% of survey respondents say that companies' highest priority should be protecting customers from a data breach.

* 95% of respondents felt there was no excuse for a company to expose a customer's confidential information.

* 94% of respondents say that if there is a technology that could prevent the loss of confidential personal information, all businesses handling this information should use it.

That's all well and good. Personally, I believe that one of a company's highest priorities should be protecting my data. Maybe not the highest priority: shareholders and employees might have something to say about that. But one of the top three, for sure. Also, I'm a big believer in technology. If there's something that can help -- and there is; it's called encryption -- companies should use it.

Here's where I think we get on shakier ground:

* 85% of survey respondents say they would prefer to do business with a company that has never experienced a data breach.

* 82% of respondents would warn others from doing business with a company that exposed its customers' personal information.

* 82% of respondents felt that companies that had never experienced data loss were more trust worthy than those that have.

What puzzles me is that this isn't the first survey where consumers suggest that they will stop doing business with companies that lose their data. Yet, the company most notorious for exposing customer data to hackers, the company that experienced the worst data breach in U.S. history, continues to roll along, seemingly unaffected.

That company is TJX, parent company of T.J. Maxx, Marshall's, and other discount chains. According to TJX's most recent financial statement, net sales for the second quarter of fiscal 2008 increased 9% from the year-ago quarter, to $4.3 billion; income for the quarter was $59 million. That's, of course, excluding the after-tax charge of $118 million the company will have to take for liability in connection with the data breach. The company has several consumer class-action lawsuits, and lawsuits from banks, pending against it.

The point is this: consumers may say they will boycott companies -- and organizations -- that play fast and loose with their personal data, but actions speak louder than words. That doesn't exclude IT executives from making data security and privacy one of their highest priorities. One of these days, consumers will decide to practice what they preach. CIOs should do so first.