Inaccurate data was shared from 3,284 customers’ profiles to credit reference agencies, which may have led to refusal for mortgages, credit cards or loans, or customers being granted too much credit, that they were unable to afford.
The Information Commissioner’s Office (ICO) reported that it would be impossible to determine the actual damage caused to each customer, because of the complex nature and different factors contributing to credit scoring, but the impact was negative.
In March 2021, Bank of Ireland UK was found to be in breach of data protection law by failing to ensure personal data was accurate, as per GDPR. The official reprimand recommended that the bank support affected customers by ensuring that robust processes are in place and are reviewed regularly.
Natasha Longson, ICO head of investigations, says: “Mistakes made by financial institutions can have far-reaching consequences on people’s everyday lives. Some of the customers affected could have been refused mortgages, loans or credit cards, as well as being unable to get mobile phone contracts, insurance policies or sign up with utility companies. The mistake made by Bank of Ireland UK could have potentially caused misery for thousands of people. We do however recognise the steps the bank has taken to correct their error, supporting affected customers and reviewing its data-management processes. Therefore, we believe a reprimand is the best, fairest outcome, and that lessons have been learnt to avoid mistakes like these in the future.”