| 12.8°C Dublin

New training for Irish Water staff after data breach

Close

Email addresses can be considered "personal data" in certain circumstances and thus are subject to Ireland's data protection laws.

Email addresses can be considered "personal data" in certain circumstances and thus are subject to Ireland's data protection laws.

Email addresses can be considered "personal data" in certain circumstances and thus are subject to Ireland's data protection laws.

Irish Water has been forced to tighten its controls and provide additional training to staff after sensitive bank details were released to the wrong customers due to "human error".

The data breach, which was uncovered by senior Irish Water officials, prompted an investigation by the Data Protection Commissioner.

In up to 15 cases, details relating to direct debits were inadvertently sent to the wrong customers, according to documents released under the Freedom of Information Act.

After an initial investigation, it was established that in nine cases, a customer's direct debit details were disclosed to a third party without consent.

The information was sent in the post to the wrong households.

But officials said there was the prospect of up to 15 cases in total and that efforts were afoot to establish the full extent of the breach.

In correspondence with Irish Water, officials from the Office of the Data Protection Commissioner said that they may be in touch at a later date if a complaint is received from an affected customer.

"I note the remediation steps being introduced to prevent a repeat of these type of incidents. I assume that individuals who received the incorrect data have been/will be contacted asking them to return or destroy the letters they previously received," said a DPC official.

According to Irish Water briefing notes, the public utility has since claimed to have significantly tightened its controls surrounding the use of customer data as a result of the breach.

"Irish Water has put in place a range of mitigating measures to ensure that these incidents, the primary cause of which is human error, do not happen again. These measures include no longer accepting direct debit mandates by phone, as well as instigating further training and widening the scope . . . of the quality control process . . ."

In a statement last night, an Irish Water spokeswoman told the Irish Independent: "Irish Water dealt with this issue appropriately at the time, contacting the affected customers and the Date Protection Commission in the necessary manner and putting safeguards in place to ensure this issue didn't arise again."

Daily Digest Newsletter

Get ahead of the day with the morning headlines at 7.30am and Fionnán Sheahan's exclusive take on the day's news every afternoon, with our free daily newsletter.

This field is required


Privacy