The Bank of Ireland’s UK arm sent incorrect details about more than 3,000 customers to credit reference agencies, a mistake that could have impacted their ability to get a loan or mortgage.
Data watchdog the Information Commissioner’s Office (ICO) has issued the bank with a warning after an investigation into the 2021 incident but decided not to issue a fine.
Bank of Ireland is Ireland’s oldest bank and offers a range of banking services to UK customers through a separate subsidiary.
Bank of Ireland UK makes loan mistakes
The incident saw the institution send incorrect outstanding balances on 3,284 customers’ loan accounts to credit reference agencies, the organisations that help lenders decide whether to approve financial products.
According to the ICO, this inaccurate data could have potentially led to these customers being unfairly refused credit for mortgages, credit cards or loans, or granted too much credit on products they were potentially unable to afford.
An investigation by the regulator found that, due to the complex nature and different factors contributing to credit scoring, it would be impossible to determine the actual damage caused to each customer. However, the ICO said it was reasonable to assume that the inaccurate data sent by Bank of Ireland UK to credit reference agencies would have had a negative impact on the customers affected.
The problem was first reported to the ICO in March 2021. It found the bank to be in breach of GDPR by failing to ensure personal data was accurate.
Why the ICO didn’t fine Bank of Ireland UK
In its official reprimand, the ICO recommended measures to ensure the Bank of Ireland UK’s compliance with data protection laws. These include continuing to support affected customers, ensuring that robust processes are in place, and are reviewed regularly. It is also expected to share its learnings from the incident across the organisation.
Mistakes made by financial institutions “can have far-reaching consequences on people’s everyday lives,” said Natasha Longson, ICO head of investigations.
“Some of the customers affected could have been refused mortgages, loans or credit cards, as well as being unable to get mobile phone contracts, insurance policies or sign up with utility companies,” Longson said. “The mistake made by Bank of Ireland UK could have potentially caused misery for thousands of people.”
Explaining the decision not to issue a fine along with the reprimand, Longson said her office recognises “the steps the bank has taken to correct their error, supporting affected customers and reviewing its data-management processes.” She said: “We believe a reprimand is the best, fairest outcome, and that lessons have been learnt to avoid mistakes like these in the future.”
A spokesperson for Bank of Ireland UK said: “We take very seriously our regulatory and compliance obligations, and our duty to customers and regret that we fell short in this instance.
“The bank has rectified the technical issue which caused the errors and introduced additional checks to improve data management and oversight. Once we identified and reported the issue, we engaged fully and proactively with the ICO throughout the investigation.”