The personal details of more than 2,300 crime victims were lost in the post by Gwent Police, BBC Wales has discovered.
A CD went missing in May 2007, but the force said those affected were not told because it was decided their details could not be accessed.
Freedom of Information (FOI) requests to the four Welsh forces also uncovered cases of staff using police national computers without authorisation.
South Wales Police were the only force which refused to release information.
BBC Wales has referred South Wales Police's refusal to give details of security breaches to the information commissioner's office, which also rules on whether public bodies are implementing the freedom of information law properly.
Gwent Police said its CD had been sent to another organisation but, while the envelope arrived, the disc was missing.
It contained details of victims of theft, burglary and other offences, and was password-protected but not encrypted.
"There's a huge issue here of public trust"The victims of crime whose details were held on the CD were not told of the loss because "it was deemed that this information could not have been accessed," the force said.
Dyfed-Powys Police reported that "intelligence" documents concerning a member of the public had got mixed up with other papers and posted to someone in error.
They were returned to the force by the person who received them.
The force also had six cases where personal details were inappropriately accessed by staff on police computer systems over a three-year period.
This led to one employee being dismissed.
North Wales Police revealed that four members of its staff over a three-year period had accessed the police computer without authorisation.
This led to one employee resigning, the force said.
There were six other incidents of personal details being disclosed, either accidentally or without authorisation which led to warnings being issued to North Wales Police staff members.
South Wales Police would not release any details, arguing it would cost too much money because of the way much of the information was stored.
Prosecution warning
Anne Jones, the assistant information commissioner for Wales said she was not surprised by the cases.
"We're seeing far too many incidents of data that has gone missing, that has been misused in some form or other," she said.
"Under the Data Protection Act, organisations do have a responsibility to treat people's personal information safely, securely and fairly.
"And I would say that, as the regulator of the Data Protection Act, we will not hesitate to take enforcement action if we have reason to believe that something has gone wrong and the data has not been treated in that fashion."
Enforcement action can involve telling organisations what they must do to comply with the act, auditing them to see how well they handle personal information, or prosecuting individuals who misused data.
Ms Jones said the information commissioner's office had pursued all three options "fairly recently" and warned organisations to make data protection more of a priority
"There's a huge issue here of public trust... it will just disappear if as citizens we can't trust these organisations that do hold our data," she said.
"So there are implications for the organisations themselves.
"Beyond that are issues there of this information potentially falling into the wrong hands.
"If that does happen, then we have issues of potential detriment, of harm, to the individuals.
"We hear a lot these days about ID theft but there are real issues here of distress and harm to the individual."
RELATED INTERNET LINKS
Gwent Police
Dyfed-Powys Police
North Wales Police
South Wales Police
Information Commissioner
The BBC is not responsible for the content of external internet sites
^ Back to top | BBC Sport Home | BBC Homepage | Contact us | Help | ©
~RS~q~RS~~RS~z~RS~22~RS~)