Data Privacy In Nigerian Financial Institutions: What you need to know

Data privacy is one of the greatest trends in the world in which we live, even though it is a concept that has been around for decades. Its development can be credited to the advent of technology and an increased rate of data collection through several digital platforms and online mediums.

Data in its simplest form is referred to as a collection of facts, which can include numbers, words, measurements, observations or just descriptions of things. Financial institutions are among the highest collectors of personal data. 'Personal data' is defined under the NDPR as information relating to an identified or identifiable natural person. It can include identifiers such as name, address, photo, email address, bank details, medical information, IP address, phone number, IMEI number, etc.

What does it mean when your data is being processed?

This includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Financial institutions are required to take steps to protect the privacy of their consumers' finances. There are therefore several laws that regulate how consumers' data is processed in financial institutions in Nigeria, such as:

1. The Constitution of the Federal Republic of Nigeria 1999 which guarantees the Right to Privacy

2. Consumers Protection Framework

3. Banking and Other Financial Institutions Act 2020

4. Nigerian Data Protection Regulation 2019

There are several supervisory bodies that regulate these financial institutions and ensure their compliance, which include:

1. National Information Technology Development Agency (NITDA)

2. Economic and Financial Crimes Commission (EFCC)

3. Central Bank of Nigeria (CBN)

4. Office of the National Security Adviser

As a consumer or customer of a financial institution, you are a data subject and possess legal rights as to the processing of your data. According to the General Data Protection Regulation, a Data Controller is a person, company or other body that determines the purpose and means of personal data processing.

Information such as contact details, account number, account balance, statements of account, and any other information which you may have provided or which may be known to the financial institution is to be protected from third parties at all times.

Conditions Required before Processing of Data by Financial Institutions

1. the data subject (customer) has given consent to the processing of his or her personal data for one or more specific purposes;

2. processing is necessary for the performance of a contract to which the data subject (customer) is party, or in order to take steps at the request of the data subject prior to entering into a contract, i.e. background checks for loan applications or loan repayment;

3. processing is necessary for compliance with a legal obligation to which the controller is subject.

4. processing is necessary in order to protect the vital interests of the data subject or of another natural person.

5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official public mandate vested in the controller.

Penalties for Breach

A data subject has several legal actions available following a breach of his/her data privacy, and a financial institution is at risk of suffering several consequences, such as: Letter of Apology, Restriction of Activities, Revocation of Banking License, Warning Letter to the Management, Publication of Sanction, Prosecution by Law Enforcement, Refund or Monetary Compensation to Aggrieved Data Subject (customer) in line with relevant regulations, Fines, etc.

Conclusion

Financial institutions have a big role to play in protecting the data of their data subjects. Even though consent is required, it is important to note that there are indirect consents, such as walking into a bank and requesting financial services. There are also direct consents, such as clicking “yes” or “I agree” to the Privacy Policy of a Data Controller. Hence it is important to carefully read through and understand the contents of Privacy Policies before selecting an answer.

Financial Institutions are also required to inform their data subjects where there has been a breach of their data privacy. They must also ensure that data is kept up to date and used only for the purposes for which it has been collected.

Data subjects also need to be more aware of their rights and responsibilities regarding their data, in order to ensure strict protection of their data and, overall, their security against threats.

Source: Nigerian Data Protection Regulation 2019;

https://www.aelex.com/wp-content/uploads/2019/12/Nigeria-Data-Protection-in-the-Financial-Sector-_-DataGuidance

http://www.Google.com