A Christchurch information technology consultant says he warned the Earthquake Commission that a serious breach of privacy could occur with the information it handles.
The commission is blaming human error for an incident on Friday in which the private information of 9700 people was emailed to someone outside the organisation.
EQC says the email system automatically completed an email address that was not the person within the organisation the information was intended for.
IT consultant John Bryant says he contacted the commission in December last year, expressing concerns about how it protects data privacy, but was ignored.
"Which I find quite extraordinary, because the inquiry was not designed to present a difficulty to them but to highlight the issue of data privacy, which I had some concerns over, and which they now seem to have now ignored.
"Of course, the inevitable has happened and the release of the data has occurred."
Meanwhile, a lobby group believes the Earthquake Commission has handled the privacy breach well.
Leanne Curtis, spokesperson for the Canterbury Communities Earthquake Recovery Network (CanCERN), says the commission has been upfront, which is reassuring for people.
"I honestly think this is the first time that EQC has moved this well and this clearly on their communication to lay out all the information that people need to reduce levels of stress. So I think they've set themselves a brilliant example."
The commission says the recipient of the private information has agreed to destroy all the material.