Pearse Doherty (Donegal South West, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

134. To ask the Minister for Finance if he will provide an update on the establishment of the credit register; the number of companies that applied to manage the register; and of these, the number that were Irish companies. [13957/15]

Pearse Doherty (Donegal South West, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

135. To ask the Minister for Finance if the company chosen to run the credit register will have access to the personal public service numbers of citizens; and if he will make a statement on the matter. [13958/15]

Michael Noonan (Limerick City, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 134 and 135 together.

The Credit Reporting Act 2013 provides that the Central Bank of Ireland (the 'Bank') is responsible for the establishment and operation of the central credit register (CCR).

In 2014, the Bank completed a public procurement process to select a partner and solutions to build and operate the CCR on its behalf. Eleven companies or partnerships expressed interest in participating in the procurement process (of which five were Irish registered companies). Five companies were shortlisted to take part in the competitive dialogue stage (of which two were Irish registered companies). Four companies submitted provisional tenders (of which two were Irish registered companies) and two companies submitted final tenders (of which one was an Irish registered company). The successful bidder was CRIF S.p.A, an Italian company. It was a condition of the tender that any successful bidder would establish an Irish registered company. In February 2015 the Bank signed a contract with CRIF Ireland Limited, a wholly owned Irish subsidiary of the preferred bidder.

The Bank has now commenced the design of the CCR solution and processes in conjunction with CRIF Ireland Ltd. The Bank continues to engage with representative industry groups to explain its approach and intends to publish a consultation paper in the near future. It is anticipated that 2015 will be spent in developing and testing the technical solutions with relevant stakeholders. The initial phase of the CCR will focus on lending to individuals and is expected to become operational by mid-2016. A later phase will address lending to incorporated entities and is tentatively scheduled to be operational by end-2017. 

The Credit Reporting Act 2013 sets out the range of personal information which may be held on the CCR, including Name, Date of Birth, Address and Personal Public Service Number (PPSN). The Bank will make regulations specifying the final personal information and credit information to be held on the CCR. The Bank notes that the extent and quality of personal information collected will have a significant impact on the capacity of the CCR to deliver complete and accurate credit reports. The Bank must consult with the Data Protection Commissioner on such regulations and also seek the consent of the Minister for Finance. In advance of such consultation on the regulations the Bank intends to conduct a Privacy Impact Assessment to assist in finalising the personal information to be held. The Bank expects that a decision on the specific personal data (including PPSN) to be held on the CCR will be taken in Quarter 4 of 2015.

The Bank will be registered with the Data Protection Commissioner as the data controller for the CCR.  CRIF Ireland Ltd will be registered as a data processor and will process data in accordance with the instructions of the Bank. CRIF Ireland Ltd will have access to all of the personal and credit information held on the CCR in order to create accurate and reliable credit reports. The agreement between the Bank and CRIF Ireland Ltd contains robust provisions regarding the security and confidentiality of CCR information. These provisions are designed to safeguard sensitive personal information and comply with requirements of the Credit Reporting Act and data protection legislation.