Compliance Institute Greenwashing Survey 8th May


Compliance Institute Media Coverage in the Irish Independent.


Data protection rules not observed, say compliance officers.




Date: 2nd January 2024


Compliance Institute was featured in media coverage in the Irish Independent online.


Data protection rules not observed, say compliance officers.


Professionals say breaches going unreported as companies fear penalties and damage to reputation.


More than half of compliance professionals believe that data protection rules have been breached in their organisation at one time or another.


An even greater number acknowledged that they are aware of such breaches having taken place in organisations they previously worked in.

A new survey by the Compliance Institute, which polled 230 compliance professionals working primarily in Irish financial services organisations nationwide, found that almost one in five of those asked said they were aware of more than one instance of a data breach situation in their organisation.


Two-thirds of compliance experts, reported that they believe certain data protection breaches go unreported to varying degrees.

When asked to identify what they believe are the factors contributing to organisations not reporting data protection breaches, nearly half of those surveyed, believe that businesses, for the most part, do not intentionally neglect to report breaches.

Half of those surveyed think that concerns about potential damage to their brand reputation might lead organisations to keep such violations confidential. Fewer survey participants said that penalties linked to data breaches and scrutiny from regulatory authorities was a contributing factor.


Chief Executive of the Compliance Institute Michael Kavanagh said: “The reality is that data breaches can occur within even the most vigilant and secure organisations, underscoring the need for constant diligence in safeguarding sensitive information. Recent reports give weight to the contention that no organisation is 100pc impervious to a breach.”


Mr. Kavanagh said that in August of this year, the Central Bank of Ireland, the nation’s financial services watchdog suffered an archiving error data breach that impacted the retention of certain data on borrowers’ credit reports stored within the Central Credit Register.

Following this, the Data Protection Commission (DPC) has initiated an inquiry into the breach.

Also, earlier this year, a disclosure made under the Freedom of Information Act revealed that Revenue said there had been 256 data breaches throughout last year, with a further 119 in the period from January to June 2023.


Findings from the Compliance Institute’s data breach survey revealed that a majority of surveyed compliance professionals said that breaches frequently go unreported, with a quarter going so far as to believe that “many” breaches are left unaddressed.

Less than half express confidence that organisations would not wilfully fail to report a breach.

The predominant deterrent for reporting appears to be the fear of damaging brand reputation, closely followed by the apprehension of being held accountable.


Others fear that penalties and regulatory scrutiny act as disincentives for reporting incidents.

Mr. Kavanagh said: “Organisations have distinct obligations and responsibilities in safeguarding data, and even when they diligently meet their legal requirements, errors can occur.


“These errors typically include IT blunders, human oversight, and malicious cyber activities, among various other potential pitfalls.

“Expecting absolute invulnerability from every organisation is unrealistic, particularly considering the relentless pace at which cybercriminals advance their tactics to steal data. The response protocol an organisation takes following a breach holds equal importance to its pre-emptive security measures.”



Print Coverage - please see below:

Irish Independent