Excerpt from The Cyber Express Article, Published on Aug 22, 2024.
Fidelity Bank, a prominent Nigerian financial institution, is at the center of a heated dispute regarding a data breach allegation. The controversy began when a customer alleged in April 2023 that Fidelity Bank had misused their personal information without consent to open an unauthorized account. This claim led the Nigerian Data Protection Commission (NDPC) to investigate the matter, ultimately imposing a hefty fine of ₦555.8 million on the bank for violating data protection laws.
However, Fidelity Bank has strongly refuted the allegations, asserting that their internal investigation found no evidence of a data breach. The bank claims that the account in question was never fully opened due to incomplete documentation, and therefore, no violation occurred. Fidelity Bank has also contested the NDPC’s findings, arguing that the commission’s conclusions are based on insufficient evidence.
The NDPC, led by Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations, maintains that the bank processed personal data without obtaining the required informed consent from the data subjects. The commission found that these violations were not isolated incidents but involved the use of cookies and the bank’s widely downloaded mobile app. Moreover, the NDPC highlighted that Fidelity Bank relied on non-compliant third-party data processors, further compounding the violations.
Despite receiving multiple warnings and being given opportunities to submit a remedial plan, Fidelity Bank has not provided a satisfactory response, leading to the imposition of the fine. The bank’s denial of the allegations and its refusal to pay the fine has escalated the situation, drawing significant attention to the broader issues of data privacy and regulatory compliance in Nigeria’s banking sector.
