Fidelity Bank has disputed allegations of a data breach made by the Nigerian Data Protection Commission (NDPC), which recently imposed a fine of N555.8 million on the bank.
In a statement released on Wednesday, the bank’s spokesperson, Meksley Nwagboh, asserted that no data protection laws were violated, and therefore, the fine imposed by the NDPC is unwarranted.
The NDPC had accused Fidelity Bank of violating customers’ data and imposed the fine based on breaches of the Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023. The commission also criticized the bank for allegedly not cooperating fully during the investigation that led to the penalty.
However, Fidelity Bank maintained that it had adhered to the highest ethical standards and complied fully with existing data protection laws. “As a bank, we remain in discussions with the NDPC for an amicable resolution to this matter,” Nwagboh stated.
Fidelity Bank provided a detailed account of its dealings with the NDPC regarding the issue:
– April 30th, 2023: The bank received a notice of investigation from the Nigerian Data Protection Agency (NDPA), now known as the NDPC. The investigation stemmed from a complaint by an individual who claimed their details were used to open an account at the bank without their consent.
– Following the notice, Fidelity Bank conducted an internal investigation and found that an account opening request was received online in the complainant’s name. The bank informed the individual via the email provided with the request.
– The bank’s data protection policy dictates that accounts opened online without full documentation cannot be operational and are to be closed after 30 days if the necessary documents are not provided to verify the account holder’s identity.
– In line with this policy, the account in question was not operational because the required passport photograph and BVN were not submitted. The account was immediately placed on “Post No Debit” status, and eventually closed after the documents were not provided within the stipulated time.
– May 2nd, 2023: Fidelity Bank responded to the NDPC, stating that no data breach had occurred and that the account opening process had not been completed. The bank asserted that it acted diligently by blocking and subsequently closing the account.
– July 7th, 2023: The bank was invited to a Pre-Action meeting with the NDPC, during which it reiterated its earlier position. Despite presenting its explanation and evidence, the NDPC indicated that it had decided to impose a penalty.
– December 5th, 2023: Fidelity Bank received a letter from the NDPC demanding the payment of a ‘remedial fee’ of N250 million within 21 days.
– The bank continued to engage with the NDPC, convinced that it had not breached any laws or regulations.
– August 20th, 2024: Fidelity Bank received another letter from the NDPC, this time demanding a payment of N555.8 million.
Fidelity Bank continues to assert its innocence, maintaining that it has not breached any data protection laws and that the NDPC’s penalty is unwarranted.
