A junior Department of Justice official accidentally sent the names and birthdates of Northern Ireland Prison Service (NIPS) staff to a private contractor, it has emerged.

The data breach was reported by the contractor to the Department of Justice and has been referred to the Information Commissioner’s Office for investigation.

The Department has played down the breach’s significance because the contractor was vetted and the information was quickly deleted.

Laura Gillespie, regulatory partner and data protection legal expert at Pinsent Masons, said the incident highlighted the security risks associated with human error.

Ms Gillespie said: “With the rise in cyber-attacks a lot of media attention regarding data protection focusses on technical security, but human error can often be a major factor in incidents.

“This example demonstrates the importance of awareness around data protection at all levels of an organisation, and how reliance upon IT architecture alone cannot guarantee against a breach. It serves as a stark reminder to all organisations of investment in staff training, and also having a crisis response plan in place to cope with a breach.

“The importance of this will be amplified when the new European Directive comes into force which will require mandatory reporting of serious breaches within 72 hours.”