N555m fine: Fidelity Bank denies breaching customers’ data

By Ayorinde Oluokun/Abuja

Fidelity Bank has denied allegation by the Nigerian Data Protection Commission (NDPC) that it breached the date of some its customers in violation of Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023.

The bank said this while reacting to the imposition of N555.8 million on it over the alleged breach data by the NDPC.

NDPC had also accused Fidelity Bank of failure to cooperate with during its investigation of the alleged breach before it imposed the fine.

However, the bank in a statement by Meksley Nwagboh its spokesperson issued on Wednesday said contrary to the claim of NDPC, it conducted itself to the highest ethical standards by ensuring full compliance with extant laws on data protection.

“As a Bank, we remain in discussions with the NDPC over an amicable resolution to this matter,” Nwagboh said in a statement.

While explaining its interaction with NDPC over alleged data breach, Fidelity Bank said thus:

“On April 30th, 2023, we received a notice of investigation from the Nigerian Data Protection Agency (NDPA), now the Nigerian Data Protection Commission (NDPC). The investigation was in respect of a complaint from [name has been withheld to protect the identity of the complainant] who claimed that [name withheld] details were used to open an account in the bank without [name withheld] consent.

“Based on this notice, we conducted an internal investigation into the circumstances around the claim and discovered as follows:

“An account opening request was received online in the name of [name withheld], and an email was sent to the email address attached to the request informing them about this.

“In compliance with our Data Protection policy, accounts created online without full documentation are not allowed to be operational and are closed after 30 days if the outstanding documents are not provided to authenticate the identity of the person seeking to open the account.

“In compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided.

“The account was immediately placed on “Post No Debit” status as the applicant was expected to complete the account opening process by providing the outstanding documents for verification within 30 days. This was not done, and the account was eventually closed.

“On May 2nd 2023, we responded to the NDPC that the bank did not violate any law because there was no data breach and that the account opening process was not completed. On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents.

“At no point in the process was the account ever operational.

“On July 7th, 2023, we were invited for a Pre-Action meeting with NDPC. During the meeting, we restated our position as earlier communicated to them in our letter dated May 2nd.

“However, despite our explanation and evidence provided to support our claim, the agency informed us that they had reached a conclusion to impose a penalty on the bank.

“On 5th December of 2023, we got a letter from NDPC demanding we pay a ‘remedial fee’ of N250 million within 21 days.

“We immediately commenced another round of engagements with the Commission as we were convinced, we had not breached any extant law or regulation.

“While discussions were still ongoing with the NDPC, we received another letter on the 20th of August demanding that we now pay N555.8m naira.”

The bank added: “As a responsible financial organization with a history of strong corporate governance standards, we remain committed to the due process of the law, and we wish to assure all our customers of our unwavering commitment to upholding the highest level of ethical standards in all our dealings with customer data.

“Our commitment to strong corporate governance has earned us local and international recognition, including the prestigious CG+ award. This is the highest rank under the Corporate Governance Rating System (CGRS) of the Nigerian Exchange Group (NGX), which evaluates listed companies against established best practices and standards.

“As a Bank, we remain in discussions with the NDPC over an amicable resolution to this matter.”