An abuse survivor's privacy has been breached by the Royal Commission investigating abuse in state and faith-based care.
The breach involved a survivor's personal details being mistakenly sent to another survivor.
In an email to survivors, the commission said it was an isolated but serious incident, caused by human error.
The commission said it was deeply sorry for what happened and the staff member involved was understandably devastated.
Although the commission's procedures were robust, they were now being reviewed so that survivors could rest assured information they shared would be safe, it said.
One survivor, Tyrone Marks questions just how robust the commission's systems actually are.
''Someone has got to be answerable to it ... you can't just send out something and 'oh yes we made a mistake and we won't do it again'.
"To make sure you don't do it again, are you going to plug that hole up?'' Marks asked.
He said the breach indicated disorganisation in dealing with private information.
''Someone isn't doing their job obviously. That sort of mistake you shouldn't be making, really, at this time.
''Information like that is pretty out there.''
Marks said survivors should be able to expect the commission to have better safeguards in place.
The Royal Commission said the two survivors involved had been contacted and offered sincere apologies and appropriate support.
Commission executive director Mervin Singham emailed survivors, assuring them of the commitment to ensure their confidentiality was maintained.
He acknowledged the incident and the reporting of it would concern some people and said support was available.