| 19.3°C Dublin

Credit unions demand assurances from Central Bank after data leak blunder


Central Bank governor Gabriel Makhlouf. Picture by Vivek Prakash/Bloomberg

Central Bank governor Gabriel Makhlouf. Picture by Vivek Prakash/Bloomberg

Central Bank governor Gabriel Makhlouf. Picture by Vivek Prakash/Bloomberg

A LEADING credit union body is seeking assurances from the Central Bank that it can protect the personal data of people who have to register with it.

The call from the Irish League of Credit Unions comes after the Central Bank mistakenly gave out the names and home addresses of credit union bosses.

The data breach has forced the bank to apologise after it messed up by releasing the personal information to a third party.

Names and addresses of around 50 credit union chairpersons and chief executives, many of whom hold keys to credit union premises, were given out in error.

The league has also questioned the move by the Central Bank to seek to record more personal information from credit union leaders.

League chief executive Ed Farrell said the representative body was aware of what he said were a number of recent data breach incidents regarding the Beneficial Ownership Register, which includes credit unions.

The register holds the statutory records of the owners or controllers of corporate and legal entities, including details of the beneficial interests held by them.

Even though credit unions are owned by their members, the chairs and chief executives are listed in the Central Bank’s register as being the beneficial owners.

The data breach resulted in the personal details, including name, date of birth, and the first four lines of the home address of a number of credit union chairpersons and CEOs, being erroneously released to a requestor who was only entitled to restricted access to the material held on the register.

The breaches in question occurred on April 20 and were reported to the Data Protection Commission on May 20.

But the affected parties were not informed by the Central Bank until June 24.

This is despite the fact that data breaches are supposed to be immediately reported.

The league said it had written to the Central Bank’s head of registers service to “convey concern”.

This is especially the case as the Central Bank, which is led by Gabriel Makhlouf, is now seeking to add the Personal Public Service (PPS) numbers of credit union bosses to the register.

Business Newsletter

Read the leading stories from the world of business.

This field is required

Mr Farrell said the league has requested a copy of any data protection impact assessment done by the Central Bank into the move to process PPS numbers.

It said it “does not appear to be necessary or proportionate” to process the PPS numbers in the current circumstances.

“We have also sought a copy of the privacy notice with respect to the Register and assurances with respect to the safeguards in place to protect the personal data on the register.”

The Central Bank claims it contacted those impacted by the data leak as soon as possible.

It said it commenced an immediate investigation and reported the matter to the Data Protection Commission.

“The Central Bank identified and contacted impacted data subjects as soon as possible, where it was possible to do so.” It added it has reviewed its data procedures.

It said an individual, for business reasons, made a number of requests for beneficial ownership information for credit unions.

“Due to an error, additional information was provided in some request responses. The individual made the Central Bank aware of the error and, following a request from the Central Bank, confirmed that they had not shared the information and had deleted it.”

Most Watched