The controversy surrounding Fidelity Bank Data Breach has gone a notch higher with the Nigerian bank rejections all allegations of privacy violations. The institution, a tier-2 bank with a market capitalization of ₦323billion ($205 million), has vehemently denied allegations of a data breach and has disputed the ₦555.8 million fine imposed on it by the Nigerian Data Protection Commission (NDPC). The bank maintains that it has not violated any data protection laws and that the NDPC’s allegations are unfounded.
The dispute arose after a customer claimed in April 2023 that Fidelity Bank had used their personal information without consent to open an account. The NDPC, upon investigating the matter, found evidence to support the customer’s claim and issued the fine. However, Fidelity Bank has contested the NDPC’s findings, asserting that an internal investigation revealed no evidence of a data breach and that the account opening process was not completed due to missing documentation.
NDPC’s Perspective on Data Breach
In a statement issued by Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations, NDPC, on August 21, 2024, the commission said that it discovered that the bank processed personal data without obtaining informed consent from data subjects. These breaches were found to involve tools such as cookies and the bank’s mobile app, which had been downloaded over one million times.
In addition to its non-compliance, Fidelity Bank was found to be relying on third-party data processors that were also not compliant with the regulations. Under the law, organizations are not only required to be compliant but must also ensure that their vendors, agents, and contractors adhere to the same standards when handling personal data.
The Commission’s initial decision was issued in July 2023, followed by a directive in December 2023 to pay a remedial fee. Despite over ten correspondences and repeated warnings, the bank failed to present a satisfactory remedial plan.
Fidelity Bank’s Response
Reacting to this, Fidelity Bank strongly denied the allegations of a data breach. In a statement released on its website, the bank emphasized that it took data privacy and protection very seriously and had implemented robust security measures to safeguard customer information.
“On May 2nd 2023, we responded to the NDPC that the bank did not violate any law because there was no data breach and that the account opening process was not completed. On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents. At no point in the process was the account ever operational,” the bank said.
“As a Bank, we remain in discussions with the NDPC over an amicable resolution to this matter,” it added in its statement.
Implications of the Dispute
The dispute between Fidelity Bank and the NDPC has significant implications for the banking industry in Nigeria. If the bank is found guilty of violating data protection laws, it could face additional penalties and damage to its reputation.
Moreover, the outcome of this case could set a precedent for other financial institutions facing similar allegations. Other banks may be more cautious about their data handling practices to avoid facing similar legal challenges.
The dispute also highlights the growing importance of data privacy and protection in Nigeria. As the country’s digital economy continues to expand, it is essential for organizations to prioritize data security and comply with relevant regulations.
Conclusion
The dispute between Fidelity Bank and the NDPC over data breach allegations is a significant development in the Nigerian banking industry. The outcome of this case will have implications for the future of data privacy and protection in the country. It is essential for all organizations, especially financial institutions, to prioritize data security and comply with relevant regulations to avoid facing similar legal challenges.
