The breach was notified to the media by Paul Keogan when Irish Water sent a letter containing Paul’s bank information to his landlord by mistake. Not only had the utility company failed to contact Paul about the breach, but Paul was struggling to get in touch with them, and so vented his frustration on Twitter, which is where the story was picked up.
A spokesperson for the Data Protection Commissioner confirmed that Irish Water had reported the matter and had advised Irish Water to:
- Notify the individuals affected.
- Notify the recipients of the letters and ask them to be returned.
- Put procedures in place to prevent something like this happening again.
Irish Water has said that these requirements are being addressed.
The Data Protection Commissioner has received a “large number” of enquiries from members of the public in relation to Irish Water’s processing of personal data. Just last month, Irish Water apologised to over 6,300 customers after it sent them letters with data relating to other individuals.
Processing personal data correctly and efficiently is now a critical business issue and is something that customers and clients expect from all of the organisations they do business with. Failure to do so could not just involve a data breach and fines, but also loss of customer confidence and business.
If you want to prove your data management and cyber security credentials then you need ISO27001, the international information security standard. Find out how ISO27001 relates to European data protection legislation in our new guide, How ISO27001 can help you comply with European data protection legislation, available to download for free.