An individual made an access request to the Irish Credit Bureau (ICB), the main credit referencing body in Ireland, to see his credit record. On receiving the information, he noticed that a number of financial institutions, with which he had never had any dealings, had viewed his credit record. The individual was concerned that his private financial affairs had been disclosed in contravention of the Data Protection Act. In the course of our investigations into this matter, my Office established that the financial institutions involved had made a credit check relating to another individual who shared a similar (but not identical) name and similar (not identical) address.
The ICB returned information relating to the complainant, on the basis that his details were a “close match” to those supplied by the financial institutions. The ICB defended this practice, arguing that, in the absence of a unique personal identifier or precise postal codes, and in the light of Gaelic name variations, determining identity with precision was not an exact science in the Irish context. While noting the general point made by the ICB, I did not see that were was any justification for the supply of data relating to the complainant in this particular case. Certainly, the financial institutions which had been given the complainant’s details were able to discern that information had been “over-supplied”, and could identify and dispose of the information relating to the complainant…
Click here to read more on Irish Credit Bureau
No related Case Studies.