The Central Bank has informed me that this is primarily a matter for the Data Protection Commissioner.
On the issue more generally, the Central Bank expects all regulated entities to fully comply with all legal and regulatory obligations specific to the sector in which the firm operates, including all the Data Protection Acts. The Bank further expects all regulated entities to fully co-operate with the office of the Data Protection Commissioner.
Risk based supervision is fundamental to the Central Bank's statutory mandate to ensure that each regulated entity is meeting its regulatory obligations. It is important for entities to develop a sound appreciation of material operational risks arising from the outsourcing of business activities, and how these risks are interrelated.
Financial service providers regulated by the Central Bank who outsource activities must ensure that the outsourced firm complies with the relevant provisions of legal and regulatory obligations specific to the sector in which the firm operates. Where a regulated entity engages a private investigator then the Bank expects that the relevant guidance from the Data Protection Commissioner's office will be followed.