Gwent Police has been slapped on the wrist after it sent results of Criminal Reference Bureau (CRB) checks to a member of the public.
The force sent an email containing a spreadsheet of the results of around 10,000 CRB enquiries to a website journalist.
A staff member accidentally included the journalist in the email.
Fortunately, no details of criminal convictions were disclosed and the nature of the information was not identifiable.
Nevertheless, the Information Commissioner's Office (ICO) found the force in breach of the Data Protection Act.
A Gwent Police investigation into the incident criticised the member of staff for not following the force's IT policies.
"It is essential that staff are aware of and follow their organisation's security policies," said Anne Jones, assistant commissioner for Wales.
"Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place."
Gwent Police signed a formal undertaking to shore up its practices, requiring new technology to be brought in to stop autocomplete of email addresses in internal and external accounts.
The force will be pleased to have avoided a fine something two councils did not manage earlier this week.
Ealing and Hounslow councils were hit with fines totaling 150,000 for the loss of unencrypted laptops containing personal data.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
TikTok to open first European data centre in IrelandNews The move could signify a desire to shift its operations away from the US as well as secure its position in the European market
-
MPs in a muddle over GDPR and storing voters' personal dataNews Labour MP Chris Bryant says his staff were told to delete constituents' data
-
Trump resort will not be charged for breaching data lawsNews Presidential hopeful's Scottish golf course failed to register under the Data Protection Act for four years
-
Banks urged to share data but warned over securityNews Experts voice concern over security of open API recommendations
-
EE to roll out £1bn 4G emergency services networkNews Mobile operator wins contract from Home Office to give services access to new gen network
-
EU centralises European open data through one portalNews Open Data Portal will enable public sector bodies to share information
-
Experts question sheer scale of data storage required by Snooper's CharterNews Who will foot bill for physical infrastructure to house UK's browsing histories?
-
Snapchat's T&Cs update could put user data at riskNews Kaspersky said giving the service permission to share pictures with third parties could lead to a serious breach of privacy
