Fidelity Bank has reaffirmed its commitment to Data Protection and strong corporate governance.
The bank made the reaffirmation while reacting to fine imposed by the National Data Protection Commission (NDPC).
Mr. Vincent Olatunji, NDPC’s National Commissioner, had announced on Wednesday that the commission fined Fidelity Bank N555.8m for violating customers’ data privacy.
Olatunji said this at the Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive, in Abuja, on Wednesday.
- LGs autonomy: FG inaugurates panel to enforce S/Court judgement
- Reps minority caucus demands Tinubu action against rising kidnapping, insecurity
He had said the fine which was issued on Tuesday must be paid within the next 14 days.
Olatunji said the Commission had been investigating the bank since April 2023 and that it decided to issue the full penalty due to the bank’s arrogance on the matter.
He said the bank violated the Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023
But responding in a statement by Dr Meksley Nwagboh, its Divisional Head, Brand & Communications, Fidelity Bank said it fully complies with extant laws on data protection.
“Our attention has been drawn to a news story titled, “NDPC Fines Fidelity Bank for Data Breach. While the matter is a subject of an ongoing engagement with the regulator, we wish to assure the public that we have conducted ourselves to the highest ethical standards by ensuring full compliance with extant laws on data protection.”
“Below is a breakdown of our dealings with the NDPC since we received their letter informing us about an alleged data breach:
“On April 30th, 2023, we received a notice of investigation from the Nigerian Data Protection Agency (NDPA), now the Nigerian Data Protection Commission (NDPC). The investigation was in respect of a complaint from [name has been withheld to protect the identity of the complainant] who claimed that [name withheld] details were used to open an account in the bank without [name withheld] consent.
“Based on this notice, we conducted an internal investigation into the circumstances around the claim and discovered as follows:
o An account opening request was received online in the name of [name withheld], and an email was sent to the email address attached to the request informing them about this.
o In compliance with our Data Protection policy, accounts created online without full documentation are not allowed to be operational and are closed after 30 days if the outstanding documents are not provided to authenticate the identity of the person seeking to open the account.
o In compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided.
o The account was immediately placed on “Post No Debit” status as the applicant was expected to complete the account opening process by providing the outstanding documents for verification within 30 days. This was not done, and the account was eventually closed.
“On July 7th, 2023, we were invited for a Pre-Action meeting with NDPC. During the meeting, we restated our position as earlier communicated to them in our letter dated May 2nd. However, despite our explanation and evidence provided to support our claim, the agency informed us that they had reached a conclusion to impose a penalty on the bank.”
The statement added that the commission slammed a ‘remedial fee’ of N250 million on the bank despite all efforts to prove its innocence on the issue.
“As a Bank, we remain in discussions with the NDPC over an amicable resolution to this matter,” the statement read.