The General Teaching Council for Wales (GTCW) has been forced to tighten its security procedures after a member of staff lost a computer memory stick containing sensitive information about teachers.
The stick, thought to have been misplaced at the home or office of the employee, contained background information about the GTCW's professional standards casework.
Although it was password-protected and had "military-grade" encryption, the GTCW has now banned the use of removable storage devices for sensitive information.
Instead, all staff must now access organisational data remotely via a secure server.
Chief executive Gary Brace told TES Cymru: "The memory stick was robustly protected because of the nature of the information held, some of which may have remained for internal use only, and some that may have been made public in due course.
"The GTCW has defined, high levels of data security in place to protect sensitive information. Due to the nature of our organisation, it would be impossible for all of our work to be completed as efficiently without working remotely.
"On top of the safeguarding arrangements we already had in place, we have now strengthened them even further.
"The fact that this incident did not lead to any loss of data shows the success of our arrangements. We would recommend other data-rich organisations secure their data in the way we do."