Data breach: NDPC slams Fidelity Bank N555.8m fine

Following investigations into violations of the Nigeria Data Protection Act, 2023 and the Nigeria Data Protection Regulation, 2019, the Nigeria Data Protection Commission (the Commission) ordered Fidelity Bank PLC to pay the sum of N555,800,000 (Five Hundred and Fifty-Five Million, Eight Hundred Thousand naira) only, being 0.1% of the Bank’s annual gross revenue in 2023. This is to be paid within 14 days of receipt of the Notice.
The investigation into the data processing activities of Fidelity Bank PLC was triggered by a complaint from a data subject whose personal data was collected without lawful basis for the purposes of opening an account for the data subject. This complaint was lodged with the Commission in April 2023.
The Commission reviewed the data processing platforms of Fidelity Bank and found that, in certain critical cases, the Bank processes personal data without the informed consent of data subjects. Data processing tools such as cookies and banking apps were deployed in violation of the NDP Act. Its banking app at the material time had been downloaded over one million times.
Apart from internal non-compliance, the Bank relies on some non-compliant third-party data processors. The law not only enjoins an organization to be compliant, it also mandates its relevant vendors, agents or contractors, among others, to be accountable when handling personal data of individuals.
It is to be noted that the initial decision of the Commission was issued in July 2023 and a directive to pay a remedial fee was issued in December 2023. Over ten pieces of correspondence were exchanged. The Commission issued repeated warnings to no avail. The Commission gave several opportunities for full accountability for over one year, taking into account the need to encourage compliance as a culture. However, Fidelity Bank did not provide the requisite, satisfactory remedial plan.

The National Commissioner and CEO of the Nigeria Data Protection Commission, Dr. Vincent Olatunji, enjoins Data Controllers and Data Processors to eschew acts that may undermine trust and confidence in Nigeria’s capacity to protect data-driven decisions and transactions. Dr. Olatunji notes that without demonstrable assurance of accountability in the exchange of goods and services, economic growth would be gravely hampered. However, through compliance with laws that protect freedoms of individuals, their lives and livelihoods, Nigeria will witness more and more momentum for sustainable development.
