Irish Independent 19th August 2014
A full review is to be undertaken into credit unions that used private investigators who illegally obtained personal data from the Department of Social Protection.
The Irish League of Credit Unions (ILCU) announced the move yesterday as the minister with responsibility for data protection said he was “deeply concerned” by revelations in this newspaper.
The credit union network has been rocked by an Irish Independent investigation into the use of so-called tracing agents. The branches at the centre of the scandal face the prospect of being told to destroy any personal data handed over by private investigators who are being probed by the Data Protection Commissioner. These credit unions include four in Limerick, five in the midlands, two in Dublin and one in Meath. Assistant Data Protection Commissioner Tony Delaney is pursuing a number of firms who used false identities and blagging tactics to illegally obtain the information from the Department of Social Protection. While the credit unions who received the stolen data insist they were not aware of the methods used by the private investigators, the ILCU last night said a review into the use of the firms will take place.
Minister for Data Protection Dara Murphy said he was "deeply concerned" at the revelations. And Fianna Fail finance spokesman Michael McGrath called for the establishment of a code of conduct for financial
institutions enlisting the services of private investigators. "The issues raised by the Irish Independent are very grave. The Central Bank must devise a code of conduct that would apply to the use of Private Investigators by financial institutions. Such a code is of paramount importance to ensure the integrity of people's personal data is protected at all times," Mr McGrath said. Meanwhile, the Central Bank last night said it expected all credit unions to fully co-operate with the Office of the Data Protection Commissioner. "The Central Bank expects that each credit union fully complies with all legal and regulatory obligations including all data protection requirements," a spokesperson said. "The Central Bank will assess the need for correspondence with individual credit unions and/or the credit union sector in relation to specific issues arising from this matter. "The investigation by Assistant Commissioner Delaney was launched last July and established that state officials had been duped by private investigators hired by credit unions. In some instances, agents contacted welfare officials and obtained addresses and employment details through a single phone call. The agents struck up a rapport with the unsuspecting department officials who they continually contacted for personal data. They introduced themselves as fellow state officials, from departments north and south of the Border. At least 78 credit union customers had their information breached. However, it is believed reams of other data was obtained by agents who targeted other state agencies. Some credit unions paid out €50 per single address. The Irish Independent
understands credit unions who are storing stolen data may be asked to destroy it. The Department of Social Protection has said it continuously reviews its internal controls and takes data protection responsibilities very seriously. In a statement to the Irish Independent, the ILCU confirmed that a review of the use of private investigators would take place. The umbrella body, with represents 374 credit
unions nationwide, also said it would be seeking a meeting with the Office of the Data Protection Commissioner "to ensure best practice going forward for all credit unions using tracing agents or private investigators". "We take very seriously any allegation that a private investigator working for a credit union has obtained information on members illegally. The ILCU has written to our affiliated credit unions and reminded them of the guidelines issued by DPC in relation to best practice in this area," the organisation said. “Furthermore the ILCU's CU Learning & Development also provides training courses to support our credit unions in the areas of data protection and credit collection in the Republic of Ireland. These courses are available throughout the year. In addition we will commence a review of credit unions who may have enlisted the services of private investigators to
pursue arrears. ‘
