View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Bank of Ireland UK avoids fine after mistakes on 3,000 customer credit profiles

The financial institution has been given a telling off, but will face no further action from the data watchdog.

By Matthew Gooding

The Bank of Ireland’s UK arm sent incorrect details about more than 3,000 customers to credit reference agencies, a mistake that could have impacted their ability to get a loan or mortgage.

The ICO has decided not to issue a fine to the Bank of Ireland UK. (Photo by SB_photos/Shutterstock)

Data watchdog the Information Commissioner’s Office (ICO) has issued the bank with a warning after an investigation into the 2021 incident but decided not to issue a fine.

Bank of Ireland is Ireland’s oldest bank and offers a range of banking services to UK customers through a separate subsidiary.

Bank of Ireland UK makes loan mistakes

The incident saw the institution send incorrect outstanding balances on 3,284 customers’ loan accounts to credit reference agencies, the organisations that help lenders decide whether to approve financial products.

According to the ICO, this inaccurate data could have potentially led to these customers being unfairly refused credit for mortgages, credit cards or loans, or granted too much credit on products they were potentially unable to afford.

An investigation by the regulator found that, due to the complex nature and different factors contributing to credit scoring, it would be impossible to determine the actual damage caused to each customer. However, the ICO said it was reasonable to assume that the inaccurate data sent by Bank of Ireland UK to credit reference agencies would have had a negative impact on the customers affected.

The problem was first reported to the ICO in March 2021. It found the bank to be in breach of GDPR by failing to ensure personal data was accurate.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Why the ICO didn’t fine Bank of Ireland UK

In its official reprimand, the ICO recommended measures to ensure the Bank of Ireland UK’s compliance with data protection laws. These include continuing to support affected customers, ensuring that robust processes are in place, and are reviewed regularly. It is also expected to share its learnings from the incident across the organisation.

Mistakes made by financial institutions “can have far-reaching consequences on people’s everyday lives,” said Natasha Longson, ICO head of investigations.

“Some of the customers affected could have been refused mortgages, loans or credit cards, as well as being unable to get mobile phone contracts, insurance policies or sign up with utility companies,” Longson said. “The mistake made by Bank of Ireland UK could have potentially caused misery for thousands of people.”

Explaining the decision not to issue a fine along with the reprimand, Longson said her office recognises “the steps the bank has taken to correct their error, supporting affected customers and reviewing its data-management processes.” She said: “We believe a reprimand is the best, fairest outcome, and that lessons have been learnt to avoid mistakes like these in the future.”

A spokesperson for Bank of Ireland UK said: “We take very seriously our regulatory and compliance obligations, and our duty to customers and regret that we fell short in this instance.

“The bank has rectified the technical issue which caused the errors and introduced additional checks to improve data management and oversight. Once we identified and reported the issue, we engaged fully and proactively with the ICO throughout the investigation.”

Read more: ICO bids to overturn decision to block £7.5m ClearviewAI fine

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.