*Dr. Vincent Olatunji, National Commissioner/CEO of the Nigeria Data Protection Commission, affirms Fidelity Bank鈥檚 data violations are serious, and despite working with the financial institution to address the issues since April 2023, 鈥榯heir arrogance鈥� ultimately, led the regulatory Commission to impose the full N555.8million penalty

*Fidelity Bank didn鈥檛 violate any law because there鈥檚 no data breach 鈹�Head of Brand and Communications

Isola Moses | 绿帽献妻

Sequel to recent fine imposed on the financial institution for alleged infraction, Fidelity Bank Plc has denied allegations of data breach the Nigeria Data Protection Commission (NDPC) has preferred against it.

Meksley Nwagboh, Divisional Head of Brand and Communications of Fidelity Bank, in a recent statement argued that the bank 鈥渃onducted itself to the highest ethical standards by ensuring full compliance with extant laws on data protection鈥� in the banking sector of the economy.

绿帽献妻 reports the country鈥檚 data regulatory Commission had slammed N555.8 million heavy fine on Fidelity Bank for purportedly violating data privacy laws in the West African economy.

Dr. Vincent Olatunji, National Commissioner/Chief Executive Officer (CEO) of NDPC, disclosed this development during a Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive held Wednesday, August 21, 2024, in Abuja, FCT.

The bank was found to have breached the Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023.

Olatunji also affirmed that the penalty which the NDPC has imposed on the bank is the largest ever the Commission has issued against any organisation.

Fidelity Bank didn鈥檛 violate any law because there鈥檚 no data breach: Official

Nwagboh, Divisional Head of Brand and Communications of Fidelity Bank, in the statement also reacted to the fine, noting that the commercial bank said the alleged data breach was investigated.

He stated that it was discovered that 鈥渁n account opening request was received online, but the account was not operational due to incomplete documentation.鈥�

The bank also contended that it 鈥渃arried out due diligence by immediately blocking the account and subsequently closing it when outstanding documents were not provided.鈥�

The Nigerian financial institution explained: 鈥淥n April 30th, 2023, we received a notice of investigation from the Nigeria Data Protection Agency (NDPA), now the Nigeria Data Protection Commission (NDPC).

鈥淭he investigation was in respect of a complaint from (name has been withheld to protect the identity of the complainant) who claimed that (name withheld) details were used to open an account in the bank without (name withheld) consent.鈥�

In regard to the 鈥渁ccount immediately put on post no debit鈥� which reportedly culminated in the huge penalty the regulator has imposed on it, Fidelity Bank said based on the notice it had received, the bank conducted an internal investigation into the circumstances around the claim.

According to Nwagboh, the bank discovered that 鈥渁n account opening request was received online in the name of [name withheld], and an e-mail was sent to the email address attached to the request informing them about this.

鈥淚n compliance with our Data Protection policy, accounts created online without full documentation are not allowed to be operational and are closed after 30 days if the outstanding documents are not provided to authenticate the identity of the person seeking to open the account.鈥�

Bank further noted: 鈥淚n compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided.

鈥淭he account was immediately placed on 鈥楶ost No Debit鈥� status as the applicant was expected to complete the account opening process by providing the outstanding documents for verification within 30 days.

鈥淭his was not done, and the account was eventually closed.鈥�

The Head of Brand and Communications said: 鈥淥n May 2nd, 2023, we responded to the NDPC that the bank did not violate any law because there was no data breach and that the account opening process was not completed.

鈥淥n our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents.

鈥淎t no point in the process was the account ever operational.鈥�

He also stated: 鈥淥n July 7th, 2023, we were invited for a Pre-Action meeting with NDPC. During the meeting, we restated our position as earlier communicated to them in our letter dated May 2nd.

鈥淗owever, despite our explanation and evidence provided to support our claim, the agency informed us that they had concluded to impose a penalty on the bank.鈥�

The bank said: 鈥淥n 5th December of 2023, we got a letter from NDPC demanding we pay a 鈥榬emedial fee鈥� of N250 million within 21 days.

鈥淲e immediately commenced another round of engagements with the Commission as we were convinced we had not breached any extant law or regulation.鈥�

Fidelity Bank claimed while it was still engaging with the NDPC on resolving the alleged data violations, the bank received another letter August 20 this year, indicating the imposition of N555.8 million fine on the banking institution.

NDPC: Why data regulatory Commission imposes huge fine on Fidelity Bank

The National Commissioner of NDPC disclosed the data regulatory Commission aggravated the penalty because of the bank鈥檚 corporate irresponsibility, 鈥渓ack of cooperation鈥� and 鈥渄ismissive attitude during the investigation鈥�.

Dr. Olatunji stated: 鈥淪ince we began enforcing data protection regulations, this is the most significant penalty we鈥檝e issued.

鈥淔idelity Bank鈥檚 violations were serious, and despite working with them since April 2023 to address these issues, their arrogance ultimately led us to impose the full penalty.鈥�

Dr. Olatunji further stressed the significance of data protection compliance in the economy.

According to him, penalties for non-compliance with the NDP Act 2023 can range from N10million to two percent of an organisation鈥檚 gross earnings.

Meanwhile, the NDPC since Wednesday, August 21 has given Fidelity Bank two weeks to pay the fine upon receiving the notice.

It is noted that this action underscores the Commission鈥檚 commitment to enforcing data protection laws, and holding organisations accountable for safeguarding consumers鈥� data in the Nigerian economy.

Kindly Share This Story