Fidelity Bank, a Nigerian tier-2 bank with a market capitalisation of ₦323billion ($205 million), has denied allegations of a data breach by the Nigerian Data Protection Commission (NDPC). The bank has also disputed the ₦555.8 million ($353,254) fine by the NDPC.
At the heart of the matter is a customer’s claim that the bank had used their personal information without consent to open an account.
Fidelity Bank claims an internal investigation showed no evidence of a data breach and that the account opening process was not completed due to missing documentation.
“On May 2nd 2023, we responded to the NDPC that the bank did not violate any law because there was no data breach and that the account opening process was not completed,” the bank said in a statement.
“On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents.”
The NDPC alleges that the bank processed personal data without informed consent and relied on non-compliant third-party data processors. The regulator imposed a fine of ₦555.8 million ($353,254) on the bank, citing repeated warnings and a lack of satisfactory remedial plans.
Fidelity Bank said the regulator had initially demanded a remedial fee of ₦250 million ($158,894) on December 5, 2023, but the bank had challenged this decision, insisting that they had not violated any laws. Despite ongoing negotiations, the NDPC increased the fine to ₦555.8 million on August 20, the bank claimed.
The bank’s dispute with the NDPC comes amidst growing scrutiny of data privacy and protection in Nigeria. The regulator fined Whatsapp $220 million, over claims that it did not give users consent over the use of their data.