A couple of weeks ago, the social space was polluted by the news of Wema Bank Plc being accused to have opened bank accounts for some persons without their consent. Although Bet9ja (as it is fondly called) is also somewhat linked to this alleged scandal.
Strolling down memory lane, in 2020, Wells Fargo Bank, a private bank based in the United States, and a subsidiary of Wells Fargo & Company were found guilty of just about the same offence and were fined to pay a total of $3 billion as in damages to the aggrieved parties.
The “why” was that Wells Fargo Bank employees reportedly opened millions of bank accounts from 2002-to 2016 for some persons without their consent, which could in the legal phraseology be regarded as a breach of personal information/data.
These criminal and civil liabilities stemmed from the fact that the company reportedly mounted pressure on its staff to meet unrealistic sales targets, which then led to the misappropriation of millions of their customer’s data.
Just recently, some persons accused Wema Bank of opening accounts for them without their consent. And when they logged their complaint and reported the issue, some Wema Bank attendants confirmed the claim to be true.
Could it be that Wema Bank Plc are about to experience the negative repercussions of their supposed mistake?
Well, data privacy and protection have over the past few years been a budding area in the legal industry, especially in developing countries like Nigeria.
While the 2018 European Union General Data Protection Regulation (GDPR) is the main template for data protection and privacy in Nigeria, as well as for most other countries, especially in Europe, data privacy and protection are broadly regulated in Nigeria by the 1999 Constitution of the Federal Republic of Nigeria (as amended, hereinafter referred to as the “CFRN”), and the Nigerian Data Protection Regulation (NDPR).
Section 37 of the CFRN and Articles 2.1, 2.6 and 4 of the NDPR clearly provide for citizens’ or data subjects’ “right to privacy.”
I learned the Nigerian Data Protection Bureau (NDPB) is now in charge of the Wema Bank and Bet9ja alleged scandal.
Whilst we await the outcome of the ongoing investigation, if Wema Bank is found liable as charged they will be made to pay dearly for their misdeed which may include fines, and sanctions from the court, Central Bank of Nigeria and other regulatory agencies.
In light of the above, the highest fine for violations of data privacy rights according to the NDPR sums up to ₦10 million or 2% of the violator’s gross income in this case, Wema Bank’s 2021 gross income.
Usually, judgement is made based on whichever is larger, and it could also be calculated depending on the number of the customer’s data that is dealt with.
In 2021, Wema Bank made a gross income of approximately ₦92 billion and if the 2% fine rule is implemented, Wema Bank will have to pay a sum of about ₦1.9 billion to compensate the aggrieved parties.
While we await the outcome of the investigation and the pronouncement of the distinguished lords at law, it is advisable that you (as an individual or corporate body) deal with people’s or your client’s personal data with utmost care and ONLY for the reason for which the data was collected.
Author: Solomon Oluwaseun Olukoya
Constitution of the Federal Republic of Nigeria 1999, as amended
Nigeria Data Protection Regulation 2019
The United States Department of Justice, 2020. Wells Fargo Agrees to Pay $3 Billion to Resolve Criminal and Civil Investigations into Sales Practices Involving the Opening of Millions of Accounts without Customer Authorization. [online] Available at: <https://www.justice.gov/opa/pr/wells-fargo-agrees-pay-3-billion-resolve-criminal-and-civil-investigations-sales-practices> [Accessed 15 June 2022].
Udegbunam, O., 2022. Wema Bank reacts as data protection agency probes privacy breaches. Premium Times, [online] Available at: <https://www.premiumtimesng.com/business/business-news/535421-wema-bank-reacts-as-data-protection-agency-probes-privacy-breach.html> [Accessed 15 June 2022].