The Information Commissioner’s Office (ICO) issued a reprimand to Bank of Ireland UK following an investigation into the bank’s reporting of incorrect loan account balances for 3,284 customers.
The inaccurate data sent to credit reference agencies could have led to unfair credit decisions for these individuals, affecting their ability to secure mortgages, credit cards, or loans.
The ICO’s investigation, triggered by a report in March 2021, concluded that the bank failed to comply with data protection laws, specifically violating Article 5(1)(d) of the GDPR, which mandates the accuracy of personal data.
The complexity of credit scoring and various factors involved made it impossible to determine the exact impact on each customer. However, the ICO deemed it reasonable to assume negative consequences for those affected.
“Mistakes made by financial institutions can have far-reaching consequences on people’s everyday lives,” said Natasha Longson, ICO head of investigations. “Some of the customers affected could have been refused mortgages, loans or credit cards, as well as being unable to get mobile phone contracts, insurance policies, or sign up with utility companies. The mistake made by Bank of Ireland UK could have potentially caused misery for thousands of people.”
Longson acknowledged the bank’s efforts to rectify the error, including supporting affected customers and revising its data-management processes.
Consequently, the ICO determined that a reprimand was the most appropriate and fair response, emphasising that lessons should be learned to prevent similar incidents in the future.
The ICO’s reprimand includes recommendations for Bank of Ireland UK to continue assisting affected customers, maintain robust data processing practices, regularly review these processes, and share learnings across the organisation to avoid a recurrence of such issues.
