How safe is YOUR sensitive information?
I recently discovered that Irish Life started sending letters to my old address (I have not lived there since September 2010). I believe this started around April 2014.
The letters included half-yearly statements and other financial information of investments that I have with Irish Life. It is information that I don’t really want anyone to know about, especially not the tenants who are now living in my house.
Anyway, I asked Irish Life to make a formal investigation of why this happened (they were not aware of the issue until I notified them) and if it was necessary to inform the Data Protection Commissioner. They said that their compliance team would be looking into it.
After several weeks, I was told that it was a system error when they updated software. They did not tell me how many other clients were affected but they said that I was not the only one. They also said that they would notify the Data Protection Commissioner.
I contacted the Data Protection Commissioner’s office directly to ensure that the breach had been reported…it had NOT been. So, the Data Protection Commissioner’s office contacted Irish Life.
I had an update from the Data Protection Commissioner’s office today and what REALLY surprised me is that they have no power to prosecute or penalise financial institutions over a breach of data protection (I am not referring to my personal issue but generally).
If a financial institution sent the wrong letters (containing sensitive information) to hundreds or thousands of clients, they cannot be punished under the current legislation. However, if I received an unsolicited text message from a financial institution, then they could be fined €5,000.
It shocked me a bit to think that there is currently no penalty for companies who have a serious breach of data protection (again I am not referring to my little incident but more generally).