The Independent Inquiry into Child Sexual Abuse has been fined £200,000 after sending a bulk email that identified possible victims of child sexual abuse, the Information Commissioner's Office has said.

The inquiry sent a blind carbon copy email to 90 participants on February 27, 2017, telling them about a public hearing, but then a member of staff sent a correction where the email addresses were entered into the "to" field instead, the ICO said.

This allowed the recipients to see each other's email addresses, identifying them as possible victims of child sexual abuse.

Steve Eckersley, the ICO's director of investigations, said the incident "placed vulnerable people at risk" and was concerning, adding that the inquiry "should and could have done more to ensure this did not happen".

"People's email addresses can be searched via social networks and search engines, so the risk that they could be identified was significant."

One of the respondents said he was "very distressed" by the data breach, and in total the ICO received 22 complaints.

Of the 90 email addresses, 52 contained the recipient's full name or a label with their full name.

IICSA became aware of the breach when a recipient added two further email addresses to the "to" field and clicked "reply all".