Wema Bank Data Breach Scandal

A couple of weeks ago, the social space was polluted by the news of Wema Bank Plc being accused to have opened bank accounts for some persons without their consent. Although Bet9ja (as it is fondly called) is also somewhat linked to this allegation.

In 2020, Wells Fargo Bank, N.A. a commercial bank based in the United States, and a subsidiary of Wells Fargo & Company, were found guilty of just about the same offence and were fined to pay a total of $3 billion as in damages to the aggrieved parties.

The “why” was that Wells Fargo Bank employees reportedly opened millions of bank accounts between 2002-2016 for some persons without their consent, which could in the legal phraseology be regarded as a breach of personal information/data.

These criminal and civil liabilities stemmed from the fact that the company reportedly mounted pressure on its staff to meet unrealistic sales targets, which then led to the misappropriation of millions of their customer’s data.

Just recently, some persons accused Wema Bank of opening accounts for them without their consent. And when they logged their complaint, and reported the issue, some Wema Bank attendants confirmed the claim to be true.

Could it be that Wema Bank Plc are about to see “shege”?

Well, data privacy and protection has over the past few years being a budding area in the legal industry.

While the 2018 European Union General Data Protection Regulation (GDPR) is the main template for the data protection and privacy in Nigeria, as well as for most other countries, especially in Europe, data privacy and protection are broadly regulated in Nigeria by the 1999 Constitution of the Federal Republic of Nigeria (as amended, hereinafter referred to as the “CFRN”), and the Nigerian Data Protection Regulation (NDPR).

Section 37 of the CFRN and Article 2.1, 2.6 and 4 of the NDPR clearly provides for everyone’s/users “right to privacy.”

I learned the Nigerian Data Protection Bureau (NDPB) is now in charge of the Wema Bank and Bet9ja scandal.

Whilst we await the outcome of the ongoing investigation, if Wema Bank is found liable as charged they will be made to pay dearly for their misdeed which may include fines, and sanctions from the Central Bank of Nigeria and other regulatory agencies.

In light of the above, the highest fine for violations of data privacy rights according to to the NDPR sums up to ₦10 million or 2% of – in this case Wema Bank’s previous year’s gross income. Usually, judgement is made based on whichever is larger, and it could also be calculated depending on the number of the customer’s data that is dealt with.

Last year, Wema Bank made a gross income of approximately ₦92 billion and if the 2% fine rule is implemented, Wema Bank will have to pay a sum of about ₦1.9 billion to compensate the aggrieved parties.

While we await the outcome of the investigation and the pronouncement of my noble lords, it is advisable that you (as an individual or corporate body) deal with people’s or your client’s personal data with utmost care and ONLY for the reason which the data was collected.

About the author

Solomon Oluwaseun Olukoya is a law student of Ahmadu Bello University, Zaria. He can be reached via
+2347030313860
[email protected]

Leave a Reply

Your email address will not be published.