NDPC faults CBN on collection of customers’ data by financial institutions

0
364

BY FESTUS OKOROMADU, ABUJA

The Nigeria Data Protection Commission has described a recent directive of the Central Bank of Nigeria to financial institutions, to obtain personal data of their customers via social media handles as inappropriate.

The National Commissioner/Chief Executive Officer of NDPC, Vincent Olatunji, stated this while featuring in a national radio programme on Wednesday in Abuja.

He described the collection of such data as a violation of the rights of citizens.

He noted that with the signing into law, an Act transforming the former Nigeria Data Protection Bureau to the commission by President Bola Tinubu, such action becomes illegal.

He explained that NDPC has been empowered by law to protect, manage and ensure that the personal data of Nigerians was effectively and efficiently treated.

Olatunji said the commission was empowered with the mandate to fine, enforce and even prosecute defaulters of the law both at the public and private levels.

He said plans were already in place to officially communicate to the CBN on the matter.

“We will formally write to the CBN that if this has to be done, there are procedures to follow especially in case of public interest, there are guidelines to that rather than just to impose it on customers, it is not right,” he said.

Further emphasising the importance of data protection and privacy issues, the National Commissioner/CEO of NDPC, said there are processes and principles to be followed.

“We have what we call Purpose Limitation. When you are collecting data of anybody you must not collect it for any other purpose apart from that for which the data is collected. In this case, if it is for financial transactions all you need is the basic things you need to identify them. The issue of asking for their social media is not really necessary.

“Secondly, we have Data Maximization; for what purpose do you need to collect data? Is it really important? If you need it for public interest, there should be guidelines, (criteria/procedure) to follow stating the reason for collection. Ideally, when your data is being collected to be processed you should have a right to say yes, or no. This is where consent comes in. You have to seek the consent of customers before making any pronouncement.”

He further explained that if the Apex Bank needed to use such data under public interest as a regulator to monitor financial transactions, there were guidelines to follow.

One of such guidelines includes informing the customers and stating the purpose.

“Ideally, that should not happen. We are engaging the CBN on this.

“When opening an account we have National Identity Number (NIN), BVN, International Passport among others which to a large extent recognise you as a Nigerian, so the social media handles are completely unnecessary.”

He added that, “you don’t collect data more than what you need, so there is no point in collecting such data. So, we will definitely take them up on it and work with them and look at the best solution out of it.”

The CBN had earlier mandated financial institutions to obtain the social media handle, e-mail addresses, telephone numbers, residential addresses, and more of their customers.

On creating awareness, he said the commission was engaging relevant stakeholders and partners to educate citizens and residents on their rights on data safety and privacy.

“We have been creating awareness through stakeholders’ engagement, programmes and projects, we are also working towards enlightenment campaigns at the grassroots to ensure inclusiveness across board,” he said.