# "Credit Unions used stolen data to snoop on customers"



## Brendan Burgess (15 Aug 2014)

CREDIT  Unions hired private investigators who used illegal tactics to obtain  confidential details belonging to unsuspecting customers across the  country, an Irish Independent investigation has reveal*.* 

...
An  Irish Independent investigation can reveal that the names of 468 credit  union customers have been crosschecked by the Office of the Data  Protection Commissioner with the Department of Social Protection in  recent months amid fears their personal information was breached.
Following  a lengthy internal probe in the Department, it was confirmed that  personal data belonging to 78 customers were provided to private  investigators who gave false identities.
 - See more at:  http://www.independent.ie/irish-new...-customers-30510600.html#sthash.S0ZibsKw.dpuf


----------



## dereko1969 (15 Aug 2014)

Why is it written in such a way as to imply the Credit Unions knew illegal methods were being used, surely it is more of an issue for the private detectives and for the Departmental staff who gave out the information.

The Credit Unions hired tracing agents, they're allowed presume only legal methods were used to trace the missing loan defaulters.


----------



## DB74 (15 Aug 2014)

Next headline - "dereko1969 defends Credit Unions use of stolen data"


----------



## Branz (15 Aug 2014)

dereko1969 said:


> Why is it written in such a way as to imply the Credit Unions knew illegal methods were being used, surely it is more of an issue for the private detectives and for the Departmental staff who gave out the information.
> 
> The Credit Unions hired tracing agents, they're allowed presume only legal methods were used to trace the missing loan defaulters.


Not the first time for the Dept to be in this particular wringer.
http://www.breakingnews.ie/ireland/...mit-breaking-data-protection-laws-539722.html


----------



## dub_nerd (15 Aug 2014)

"DB74 alleges dereko1969 complicit in Credit Union data theft".


----------



## Branz (15 Aug 2014)

dub_nerd said:


> "DB74 alleges dereko1969 complicit in Credit Union data theft".


Does using an illegal method such as impersonation actually amount to theft?
It seems the information was given voluntarily for the wrong person.


----------



## Time (15 Aug 2014)

I am not at all surprised given the way some credit unions are run.


----------



## Padraigb (15 Aug 2014)

Time said:


> I am not at all surprised given the way some credit unions are run.


There is nothing in the story that shows that any CUs did anything wrong.

I'm not surprised at the headline, given the way some newspapers are run.


----------



## WizardDr (16 Aug 2014)

On the subject of personal data - we should be concerned that as we continue police state tactics - the transfer of your data around is of no concern to anyone.

There are simple techniques which we could adopt:

1. Use of PPS Number (which the Department think is 'theirs' under S262 SW Consolidation Act 2005 (which is highly suspect).
2. This should be basis of a Negative / Positive search by one Financial Institution on another
3. Abandon the building of a credit reference agency which is then not needed.

Be fearful as there is NO thinking going on to protect you except facilitate the transfer of data around the place.

You have been warned.


----------



## ClubMan (6 Oct 2014)

Padraigb said:


> There is nothing in the story that shows that any CUs did anything wrong.



Arguably there is now...

http://www.independent.ie/irish-new...mmissioner-welcomes-court-fines-30642894.html



> However, the Data Protection Commissioner remained critical of credit union branches that used the private investigators to unearth information.
> 
> “Rather than carrying out due diligence prior to hiring MCK Investigations, the credit unions  asked no questions, took the unlawfully obtained personal data and used it and they commended the success rate of MCK Investigations to their colleagues in the sector,” said the statement.
> 
> “Secondly, a number of credit unions supplied PPS numbers to MCK Investigations to assist them in tracing the members concerned. This is a matter of serious concern and it should not have happened.”


----------



## Time (6 Oct 2014)

The CU's in question should also be prosecuted.

I would never give my PPSN to any financial institution based on this carry on.


----------



## Bronte (7 Oct 2014)

WizardDr said:


> On the subject of personal data - we should be concerned that as we continue police state tactics - the transfer of your data around is of no concern to anyone.
> 
> There are simple techniques which we could adopt:
> 
> ...


 
Indeed, and as previously stated on here I have the PPS numbers of my tenants past and present, their address, their full names, their nationality and the phone numbers, easy for me to know their car number plate etc.


----------



## CU Manager (8 Oct 2014)

Time said:


> The CU's in question should also be prosecuted.
> 
> I would never give my PPSN to any financial institution based on this carry on.



If you want to open a new a/c you must provide the PPSN or else do without the a/c.

Its amazing that this story is CU centred. For me, the worrying thing is that those in charge of our data in government agencies give it away so easily


----------



## Bronte (8 Oct 2014)

CU Manager said:


> Its amazing that this story is CU centred. For me, the worrying thing is that those in charge of our data in government agencies give it away so easily


 
Surely this is an offence by the civil servants and requires discipline or punishment of some kind.  Or even a court case.


----------



## Time (8 Oct 2014)

> If you want to open a new a/c you must provide the PPSN or else do without the a/c.


There are plenty of banks that will open accounts without this information. I have never been asked for it or have given it.


----------



## 24601 (10 Oct 2014)

CU Manager said:


> If you want to open a new a/c you must provide the PPSN or else do without the a/c.
> 
> Its amazing that this story is CU centred. For me, the worrying thing is that those in charge of our data in government agencies give it away so easily



I'd agree that there is far more blame to be attached to the State officials that gave away personal data so carelessly, but surely you could not defend the practice of some CU's in passing on PPS numbers to these very often shady operators?

It's very easy for the League to complain that the PI industry should be regulated, which it should, but some of the practices I've come across in some CUs in relation to the safekeeping of members' data are shocking, and CUs should have a bit more cop-on if they're going to be engaging the services of such professionals.


----------



## Time (10 Oct 2014)

There should be prosecutions all round. CU's, their directors, PIs, DSP officials etc. 

I would hardly call a PI a professional. Anyone can be a PI there is zero regulation of it. To stand inside the local Lidl catching shoplifters you need a licence and vetting. 
There is nothing to stop failed security guards, retired cops, bored housewives from becoming PI. Just because they have a business card does not make them professional.


----------



## 24601 (10 Oct 2014)

Yes, I really should have put that as "professionals" as opposed to professionals. In my experience a lot of these characters tend to be ex-guards or security who should really know better. 

CU officers with the most elementary understanding of DP law should be wise enough to know that handing over personal data to these people is a recipe for disaster. 

As an aside, I do understand why some CUs with particularly acute arrears issues would feel the need to go down this route, but I think it's not in keeping with the movement's ethos and should be avoided unless absolutely necessary.


----------



## unsub (10 Oct 2014)

All financial institutions have a problem in locating errant debtors, the people who flit from rented location to the next rented location every 3 or six months, change their mobile phone numbers regularly all with the intent of giving their creditors the slip, or even those who "neglect or fail" to provide their financial institutions with up to date contact details.

So how do you catch up with them?

If you are a shareholder/deposit holder/Credit Union member, I would think that you would want your financial institutions to chase these people to ensure loans are paid back, arrangements made etc. to maximize the profits/interest/dividends for you.

It is a time consuming and costly business for the financial institutions/creditors in tracing these absconders.

Maybe Irish Water will become an unwitting helper here as I have no doubt that absconders will wish to wash themselves occasionally!!, which means they will have to register with Irish Water every time they change address, this might slow them down somewhat.

Again, how do you catch up with absconders?
Answers please, without the hyperbole and sensationalism of some headline seeking journalists.


----------



## Branz (10 Oct 2014)

CU Manager said:


> If you want to open a new a/c you must provide the PPSN or else do without the a/c.


AFAIK the PPSN number is only required if the account is interest earning.


----------

