A police blunder that saw the results of about 10,000 Criminal Records Bureau (CRB) checks sent to a journalist was branded unacceptable by AMs.
A member of Gwent Police staff copied the wrong person into an email containing the highly sensitive spreadsheet.
The Information Commissioner s Office (ICO) has ruled that Gwent Police was in breach of the Data Protection Act.
An investigation by Gwent Police found the staff member had a somewhat cavalier attitude to IT security. The employee has since resigned.
The email was meant to go to five fellow police staff.
However, a journalist s address was auto-suggested by the computer program because it was the same name as one of the intended recipients.
The journalist received a Microsoft Excel spreadsheet as an attachment containing about 10,000 CRB inquiry results, requested by Gwent Police.
Of these, 863 records indicated the individual had some degree of information recorded. The record did not disclose the nature of the information, nor any details of any criminal convictions recorded.
Mick Giannasi, Chief Constable of Gwent Police, said the force flagged up the breach with the ICO at the earliest opportunity.
He said: In the interim we initiated an internal investigation which was supervised by the Independent Police Complaints Commission and conducted a thorough review of our data protection procedures... Our technological systems have been upgraded as we have installed message classification software which applies the Government Protective Marking Scheme classification to raise security awareness and prevent data loss.
This is the latest security breach across the UK. This week the ICO fined Ealing Council 80,000 and Hounslow Council 70,000 for serious breaches after the loss of two unencrypted laptops containing sensitive personal information.