We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Search
DPC starts probe into Central Bank error
Pic: RollingNews.ie
13 Oct 2023 / data law Print

DPC starts probe into Central Bank error

The Data Protection Commission (DPC) has begun an inquiry into a breach of data-protection legislation at the Central Bank.

The Central Bank is also beginning an external review of the data-management and data-protection controls in place with respect to the operation of the Central Credit Register (CCR), a centralised system that collects and stores information about loans.

The DPC probe is linked to an archive error that led to three months’ information on borrowers’ credit records being made available to lenders for longer than it should have been.

The Central Bank disclosed in August that some information on borrowers had been kept on the CCR for up to an additional three months, and had been available for inclusion in credit reports between 1 June and 7 August 2023.

“While the information was an accurate representation of what was previously reported by lenders, the additional three months of information should not have been held or made available in credit reports during this period,” it said, adding that the issue had been fully resolved by 7 August.

Impact

In an update today (13 October), the bank said that it had carried out an investigation into the impact of the incident on borrowers, and had so far found nine cases in which the relevant data had affected lenders’ decisions on credit.

The regulator said that it was continuing to engage with lenders about another 41 cases.

In almost 31,000 lending inquiries, the excess data had no impact.

The Central Bank has written to those identified as being at highest risk of being impacted by the error.

“The Central Bank has engaged with the lenders to ensure that there is a contact point in place for impacted borrowers, should they wish to discuss their previous application or re-apply for credit,” it stated.

“The lenders have also confirmed the excess information previously received will not impact on any new applications,” it added.

Apology

The bank said that it had fully engaged with the DPC on the issue and would continue to do so.

Vasileios Madouros (deputy governor for monetary and financial stability) said: “The Central Bank of Ireland sincerely regrets, and apologises for, this error.

“While we have a range of controls in place in the operation of the CCR, it is clear they were insufficient to prevent this specific incident. This falls short of our own standards, and we have implemented immediate measures to prevent this error from reoccurring,” he added.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Content related to data law

data law
Ruling 'to worry' AI-based service-providers

German credit-score firm caught by GDPR – Matheson

data law
data law
‘Constitution of the internet’ comes into force

Illegal offline is now illegal online
data law
data law
Data is now a high-value commodity – review

MH&C lawyers warn businesses to be vigilant
data law
data law
Reform of data-appeals system ‘long overdue’

'Significant drain on court resources', says judge
data law