Tusla had over 200 data breaches in 18 months

The cases were broken down into four risk categories: high risk (23 incidents), medium risk (53), low risk (123), and no risk (2).

The incidents included the loss of an unencrypted device, unauthorised access to personal data, files getting lost or stolen, and deliberate disclosures of sensitive information.

The majority of the incidents were reported as involving an “employee error or omission”. However, there were some incidents which involved an “intentional act” by an employee or an intentional disclosure by an external party, for example one case involved a contractor being responsible for an intentional breach.

47 of the breaches involved sending data to an incorrect email address, 52 involved postal address mistakes and 19 were described as a “record shared in error”.

There were also 4 breaches which involved “system misuse” and 13 cases where documents were not properly redacted and contained more private information than they should.

A spokeswoman for Tusla said: “The volume of data Tusla deals with on a daily basis, and the complexity and sensitivity of much of this data, means that on occasions when breaches regrettably do occur, that this may have a significant impact on the people involved.

“We are acutely aware of our responsibilities in relation to this very sensitive data, and take all breaches extremely seriously.”

She said the agency handles 60,000 referrals to child protection and welfare services each year and is responsible for 6,000 children in care.