dark

NDPC N555.8m fine: Fidelity Bank denies data breach allegation

By Stanley Onyeka, Lagos

Fidelity Bank has disputed the allegation of data breach by the Nigerian Data Protection Commission (NDPC), saying it has conducted itself to the highest ethical standards by ensuring full compliance with extant laws on data protection.

Accordingly, the bank, in a statement on Wednesday by the Divisional Head, Brand and Communications at Fidelity Bank, Meksley Nwagboh, has challenged the N555.8 million fine imposed on it by the NDPC.

The National Commissioner of NDPC, Vincent Olatunji, had announced the imposition of the fine at the Nigeria Data Protection (NDP) Act General Application and Implementation Directive (GAID) validation workshop in Abuja.

While insisting on the data privacy laws, leading to the substantial fine, Dr. Olatunji, disclosed that the Commission commenced an investigation into Fidelity Bank in April 2023, and, upon conclusion, found that it defaulted.

He added that the bank’s “arrogance ultimately led us to impose the full penalty.”

Mr. Olatunji further noted that “Most of the breaches we have treated, we look at the level of the breach, the impact, the number of data subjects affected and the level of cooperation that is involved.

“Since we started, the only time we issued a major penalty was yesterday on Fidelity Bank; a fine of N555,800,000 after we observed some breaches.

“We have been working with them since April 2023 on the investigation and, by the time we finalised, we decided to issue a full penalty on them, which is about 0.1 per cent of the gross earnings for 2023.”

Account opening

However, clarifying allegations, Fidelity Bank explained that the alleged breach involved an account opening request received online, which was never operational due to incomplete documentation.

The bank emphasised that it had “carried out due diligence by immediately blocking the account and subsequently closing it when outstanding documents were not provided.”

The bank continued: “On April 30th, 2023, we received a notice of investigation from the Nigerian Data Protection Agency (NDPA), now the Nigerian Data Protection Commission (NDPC).

“The investigation was in respect of a complaint from [name withheld] who claimed that [name withheld] details were used to open an account in the bank without [name withheld] consent.”

Fidelity Bank said it then conducted an internal investigation in response to the notice and discovered that “an account opening request was received online in the name of [name withheld], and an email was sent to the email address attached to the request informing them about this.

“In compliance with our Data Protection policy, accounts created online without full documentation are not allowed to be operational and are closed after 30 days if the outstanding documents are not provided to authenticate the identity of the person seeking to open the account.

“In compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided.

“The account was immediately placed on ‘Post No Debit’ status as the applicant was expected to complete the account opening process by providing the outstanding documents for verification within 30 days. This was not done, and the account was eventually closed.”

The penalty is huge if you don’t comply; penalties can range from N10 million to even up to two per cent of the organisation’s annual gross income for the previous year.

Fidelity Bank also recalled that it had responded to the NDPC on May 2nd, 2023, asserting that there was no data breach and that the account opening process was never completed.

“On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents. At no point in the process was the account ever operational,” the bank said.

It further disclosed that on July 7, 2023, the Bank was invited for a Pre-Action meeting with the NDPC, during which it reiterated its stance on the issue.

It added that despite providing evidence to support its claims, the NDPC proceeded to impose a penalty.

Specifically, the Bank reported that it had received a letter on December 5, 2023, demanding a ‘remedial fee’ of N250 million within 21 days and was surprised to receive another on August 20, 2024, escalating the fee to N555.8 million while still in dialogue with the Commission.

But for Mr Olatunji, “The penalty is huge if you don’t comply; penalties can range from N10 million to even up to two per cent of the organisation’s annual gross income for the previous year.”

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

FG hikes fees for international passport

Next Post

Oando completes acquisition of NAOC in a $783m deal

Related Posts
Total
0
Share