The first major UK data loss has been reported since the Information Commissioner's fines were introduced.
More than 10,000 full names and dates of birth were exposed by Gwent Police after a file was accidentally emailed to The Register on Friday, which detailed the results of criminal records checks.
It claimed that the file, a Microsoft Excel spreadsheet that was not encrypted or password protected, contained the full names and dates of birth of 10,006 people in jobs or applying for jobs where a Criminal Records Bureau (CRB) disclosure is required.
It detailed the results of the checks going back to 2001 and so identified 863 people as having been in trouble with the police. In many cases it recorded their occupations, including dozens of taxi drivers, school and hospital workers.
The author of the email at Gwent Police is now facing a gross misconduct investigation and potential sacking over the incident, which came to light this week. The Register said that it has now deleted the file in cooperation with Gwent Police's professional standards officers.
Human error is being blamed for the action as the author used the auto-complete function in Novell's email software to include the journalist's address, along with those of five Gwent Police officials in the ‘CC' field of the message.
It reported that Gwent Police asked The Register to consider not publishing a story about its serious data breach saying it would undermine public confidence in the force, but it declined.
Gwent Police deputy Chief Constable Carmel Napier said in a statement: “As a Force we have strict policies and procedures in place relating to data security but regrettably these were not followed on this occasion. We are very sorry that we have on this occasion failed to meet our own high standards.”