The States has apologised, after private data on healthcare debts owed by 5,000 locals was sent by email to an islander living in the UK.
The Office of The Data Protection Authority is investigating after the private information of 5,059 individuals was shared by a member of Guernsey's Corporate Debt Management Team.
The States are blaming the incident, which occurred on 18 April, on 'human error'.
It says the information shared - which included full names and money owed - was not enough to enable someone to commit identity fraud.
No personal medical information was included.
The person who received the email says they deleted the data sent to them.
Chief Resources Officer, Bethan Haines apologised 'unreservedly'.
“I know that this incident will cause frustration and distress and I want to unreservedly apologise for the lapse in security of customer data.
The States of Guernsey has strict internal training requirements specific to confidentiality and data safeguarding, with refresher training for the Corporate Debt Management Team occurring at least annually.
We take matters of data security extremely seriously and have taken immediate steps to strengthen our security measures, whilst we continue to carry out an investigation into the incident in order to capture the lessons learnt.”
Le Tocq should resign as a Guernsey deputy says Lindsay de Sausmarez
L'Ecume II: Lewis Carr jailed for 20 months for fatal collision at sea
Guernsey's former Chief Minister admits making indecent images of children
Guernsey Deputy and wife arrested and questioned by police
Guernsey Post expect to deliver 750,000 parcels this Christmas
Alderney to get a Royal Visit on 15 December
Two airlines bid to operate Guernsey's essential air links
Guernsey overtakes Jersey as top Channel Island for UK Sea Travel
