121 credit unions used services of rogue investigators
A STAGGERING 121 of the country's credit unions have enlisted the services of rogue private investigation firms that have stolen reams of personal data belonging to members of the public, the Irish Independent can reveal.
The unprecedented data protection scandal has now engulfed a series of major State agencies - including An Garda Siochana, the Department of Social Protection and the Health Service Executive.
Deeply sensitive personal data, including addresses and PPS numbers, were obtained by private investigators who used illegal techniques to dupe State officials.
The private investigators, also known as tracing agents, then handed over the stolen data to credit unions in return for lucrative fees.
The major data protection breach was first revealed by the Irish Independent in August. It was thought initially that it involved around just a dozen credit unions, mostly based in the Midlands and Limerick.
Now, it has emerged that the controversy engulfs more than a quarter of the credit unions in the State - news that is sure to alarm credit union members.
None of the 121 credit unions which used the services of the private investigators are believed to have seriously queried the methods used to obtain the personal information, the Office of the Data Protection Commissioner has said.
In his first interview since exposing the scandal, Assistant Data Protection Commissioner Tony Delaney announced details of a stringent set of new rules involving the use of private investigators.
Credit unions will now be obliged to inform members by way of the public register that they use the services of private investigators to track down members in arrears.
But, crucially, credit unions must find out from private investigators how they are sourcing the information relating to members that is passed on.
Credit unions will also be obliged to inform the Office of the Data Protection Commissioner if they suspect information was obtained unlawfully.
The details of the strict rules were revealed in a letter sent by Mr Delaney in recent weeks to the 121 credit unions in question.
"All of those Credit Unions used the services of private investigation firms that were successfully prosecuted," Mr Delaney told the Irish Independent. "Up to this, credit unions didn't ask and private investigators didn't tell them how they were getting the information. The purpose of that letter was to tell those credit unions of the cases, to make them aware that they have been using the services of private investigators who have now been successfully prosecuted for criminal offences under the Data Protection Act. But more importantly, to tell them what our guidelines are for the future use of private investigators," he added.
Mr Delaney's investigation involved a number of State agencies which have handed over personal data after being duped by private investigators. But as revealed by this newspaper, some tracing agents were able to elicit data by simply providing a false identity.
The Department of Social Protection - one of the State agencies that handed out data after its officials were duped - has pledged a major tightening of internal data controls.
Mr Delaney said he is satisfied the department has responded appropriately.
"The department is engaging with us at a very regular basis, we are meeting them at a top level very regularly, and they have several initiatives in this department aimed at preventing them from being caught out, as they were previously."