Credit unions are expected to fully comply with all legal and regulatory obligations including all data protection requirements. It is further expected that all credit unions fully co-operate with the Office of the Data Protection Commissioner in relation to any matters raised.
Under Section 27(A)(1) of the Credit Union Act, 1997, a credit union is required to maintain appropriate oversight, policies, procedures, processes, practices, systems, controls, skills, expertise and reporting arrangements to ensure the protection of members' savings. Where a credit union outsources its activities it must fully comply with the requirements of Section 76(J) of the Credit Union Act, 1997 and the outsourcing chapter of the Central Bank's Credit Union Handbook. A credit union remains legally responsible for compliance with requirements imposed under financial services legislation in respect of those activities.
However, as Minister for Finance I am not in a position to comment on the ongoing investigation being under taken by the Data Protection Commissioner in relation to claims that credit unions have hired private investigators to obtain confidential details on customers.