OLD paper records were mistakenly left in a property that was sold by Newport council, leading to an investigation by the Information Commissioner's Office (ICO).
The "serious incident" was reported to the ICO, which decided no action was necessary following an investigation.
It was one of 34 information security incidents recorded by Newport City Council last year, compared with 43 in the previous year, according to an annual information risk report.
The report says: "The most significant incident during this year was one where old paper records where accidentally left in a property that was sold.
"These paper records were found by the new owner who notified the council.
"These records were collected from the new owner and stored/destroyed appropriately.
"The quantity of paper records and the type of information contained it were significant enough for this to be reported to the ICO."
Newport City Council said the incident was also reviewed internally and improvements were made as a result to prevent a repeat of the issue.
A report says data was identified and recovered promptly, without any further disclosure.
OTHER NEWS: How the football world reacted to Newport County 2 Middlesbrough 0
Newport drug dealers caught with cocaine after overturned car crashed in police chase
"The ICO investigated the incident thoroughly and ultimately took no action against the council," the report adds.
"Preventative measures taken and a comprehensive response to questions raised by the ICO were important factors in this decision making process."
The number of information security incidents recorded by Newport council last year was the lowest on record.
A report says it is difficult to establish whether this reflects an "improved position", or a reduced level of reporting.
But previous consistency over the number of incidents suggests it is a "positive sign", the council report adds.
Most of the incidents were not of major significance.
They included issues around emails being sent to the incorrect recipient, including with information that should not have been included, lost mobile devices and personal printed information left on printers internally.
Newport council's chief internal auditor says the annual risk report demonstrates the authority has "appropriate and effective arrangements in place for information governance."
The report has gone out to councillors for consultation, and is expected to be endorsed as a cabinet member decision by Cllr David Mayer next Tuesday.
A spokeswoman for the ICO confirmed no formal action was necessary after an investigation.
A spokeswoman for Newport City Council said: "In 2017, the council was notified by the new owner of one of its former properties that records had been found in the attic.
"We were very grateful that the owner came straight to us so they could be collected and dealt with appropriately.
"Although the records dated back a number of years, we reported the incident to the Information Commissioner’s Office (ICO). Following a thorough investigation by the ICO, it was decided to take no action against the council.
"An internal review was also carried out and preventative measures have been introduced to prevent a similar incident happening again."
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here