Law firm Trinity Chambers has been fined £10,000 by the Data Protection Authority for failing to properly protect personal data.
The unauthorised disclosures were the result of repeated human error.
Highly confidential and sensitive personal details were sent by email and through the post without appropriate security by Trinity Chambers.
That information was then accessed by unconnected third parties who were unaware of the nature or sensitivity of the content.
The DPA says the fine reflects the seriousness of the breach and the impact of failing to look after personal data.
"The fine also reflects the lack of engagement by the controller and concerns that there has been a lack of appreciation of the potential wider impact of the breach for the individuals affected."
Trinity Chambers hasn't appealed against the ruling.
“The data protection law has the protection of individuals at its heart. The Authority will not hesitate to take proportionate and effective action in cases where the law has not been complied with. We have been disappointed that there is little evidence that the controller in this case engaged in a timely manner with the complaint or appreciated the impact of the breach on the individuals concerned. This is especially relevant considering the role that trust and confidentiality plays in the legal sector.
Individuals have a right to expect that those organisations who have their information will look after it properly. In a small community, such as ours, the impact can be significant if that information is compromised. This case further highlights the role of human error; something we have previously highlighted on a number of occasions. We understand that mistakes get made but when that happens, organisations must respond quickly, engage early and learn from what has happened.” - Emma Martins, Data Protection Commissioner