Bank of Ireland’s subsidiary in the UK has been issued with a reprimand by the UK’s Information Commissioner’s Office (ICO) for mistakes made on more than 3,000 customers’ credit profiles that “potentially caused misery for thousands of people”.
The bank sent incorrect outstanding balances on 3,284 customers’ loan accounts to credit reference agencies between 2018 and 2020, the independent data protection regulator said on Friday.
This inaccurate data could have potentially led to these customers being unfairly refused credit for mortgages, credit cards or loans, or granted too much credit on products they were potentially unable to afford, it said.
Its investigation found that, due to the complex nature and different factors contributing to credit scoring, it would be impossible to determine the actual damage caused to each customer.
However, the ICO concluded it was reasonable to assume that the inaccurate data sent by Bank of Ireland UK to credit reference agencies would have had a negative impact on the customers affected.
Bank of Ireland UK, which was reported to the ICO in March 2021, was found to have infringed data protection law by failing to ensure personal data was accurate.
“Mistakes made by financial institutions can have far-reaching consequences on people’s everyday lives. Some of the customers affected could have been refused mortgages, loans or credit cards, as well as being unable to get mobile phone contracts, insurance policies or sign up with utility companies. The mistake made by Bank of Ireland UK could have potentially caused misery for thousands of people,” said Natasha Longson, ICO head of investigations.
“We do, however, recognise the steps the bank has taken to correct their error, supporting affected customers and reviewing its data-management processes. Therefore, we believe a reprimand is the best, fairest outcome, and that lessons have been learnt to avoid mistakes like these in the future.”
Bank of Ireland UK said it acknowledged the ICO’s reprimand.
“We take very seriously our regulatory and compliance obligations, and our duty to customers and regret that we fell short in this instance,” it said in a statement.
“The bank has rectified the technical issue which caused the errors and introduced additional checks to improve data management and oversight. Once we identified and reported the issue, we engaged fully and proactively with the commissioner throughout the investigation.”
Steps recommended in the reprimand to ensure Bank of Ireland UK’s compliance with UK data protection law include continuing to support affected customers, ensuring that robust processes are in place and reviewed regularly and sharing lessons from the issue across the organisation to prevent a repeat.
- Sign up for Business push alerts and have the best news, analysis and comment delivered directly to your phone
- Find The Irish Times on WhatsApp and stay up to date
- Our Inside Business podcast is published weekly – Find the latest episode here