According to a government report, no valid explanation has been identified for the slip up.

The Department of Health and Social Security has a contract with a specialist firm – not named by the report – to develop and support the Benefit Payment System.

A confidentiality statement has been formalised with the company and data is routinely exchanged with the company on CD or DVD by Treasury's Information Services Division for system testing and support purposes.

Data is normally anonymised but a recent internal review of information security found that, in one recent case, personal data was found to have not been anonymised and was sent via the ordinary postal services.

According to a report by Treasury's Internal Audit Division: 'No valid explanation has been identified for this change in the established security arrangements and steps have been immediately taken to reinstate the former security standard.'

Although data is anonymised, all future data transfers could be encrypted.

Details of how many people were affected or the nature of the information disclosed were not published in the report.

It is understood the error was spotted by the firm who deleted the document.

When questioned by Isle of Man Newspapers about the issue Chief Minister Tony Brown said that under data protection laws the party responsible was the one who held the information and that ISD was a conduit.

He said the important thing was that the mistake was picked up and that the information security review, ordered by Treasury Minister Allan Bell, followed the loss of 25 million child benefit records in the UK, showed the Island hadn't experienced the same unfortunate incidents as the UK.

Treasury's Internal Audit Division investigated the security and processing of personal data held in the Department of Health and Social Security's benefit payment system.

Health services, family practitioner services have 'view only' access to the benefit system to determine the qualification criteria and to confirm that people were in receipt of benefits and are entitled to free prescriptions, ophthalmic and dental services.

Officers were not only provided with the information they required but had the ability to view other information held in the system not relevant to the primary task, the review found.

The report said constraints in the design of the benefit payment system may present difficulties in restricting system access and the removal of potentially excessive access privileges to the system would have to be considered in the wider context to ensure the fair and lawful processing of personal data.

Benefit information transferred to the UK is more often generated on an individual basis, amounting to approximately 360 general benefit claims and around 86 pension claims a year.

Steps are to be taken to ensure that in future all personal data is sent to the UK by registered post.

The only 'bulk' transfer of information to the UK relates to National Insurance contribution details which are submitted to HM Revenue and Customs and amount to approximately 5,000 to 9,000 records annually, submitted as an e-mail attachment to a designated HMRC officer.

The report said the Manx Government had a range of comprehensive technical and organisational measures in place to protect data and information but there was scope for further improvements in certain areas.

Mr Bell, whilst gaining assurance from the results of the review, said: 'The Isle of Man Government cannot become complacent about ensuring the confidentiality of information.

'We recognise the development of the information communication strategy and the increased use of such technology to exchange sensitive data does present a greater risk for our business which in turn places a greater onus upon us all within the public service to act responsibly in promoting high standards in data security.'

A follow-up review is to take place within the next six months to assess the progress made with the suggested action plans and what impact this has made with the implementation of the recommendations made.