Fidelity Bank is assessed a penalty by a Nigerian data agency for data breaches

Fidelity Bank (FIDELIT.LG) has been fined 0.1% of its 2023 revenue, or $358,580, by Nigeria’s data privacy agency for violating data laws during the establishment of a customer account, the Nigeria Data Protection Commission (NDPC) said on Thursday.

Fidelity is contesting the decision, but this is the largest sanction the NDPC has ever levied against an entity for data breaches.

Following an investigation that commenced in April 2023, the NDPC instructed Fidelity Bank, Nigeria’s mid-tier lender, to pay the equivalent of 555,800,000 naira ($358,580.65) within fourteen days for the illegal collection of personal data to establish an account for a customer.

In a statement issued on Thursday, Fidelity Bank stated that it did not contravene any laws due to the absence of a data breach and the fact that it did not complete the account opening process for the unnamed customer whose complaint initiated the NDPC’s investigation.

The Fidelity statement stated, “We are currently in discussions with the NDPC to find a mutually agreeable solution to this issue.”

The NDPC stated that it conducted an assessment of Fidelity’s data processing platforms and discovered that “in specific critical situations, the bank processes personal data without the informed consent of data subjects.”

It further stated that Fidelity, among other offenses, employed tools such as cookies and banking applications in violation of the law.

($1 is equivalent to 1,550.00 naira)