“…banks will be at risk handling such customers’ data as these are prone to easy cyberattack and penetration, while banks can be blamed for such breaches”, Dr. Olatunji
Nigeria Data Protection Commission (NDPC) has urged the Central Bank of Nigeria (CBN) to withdraw the directive to banks in which the apex bank requested that (new) bank customers must submit their social media handles as part of the Know Your Customer (KYC) processes.
Dr. Vincent Olatunji, the National Commissioner of NDPC, said that the directive by the CBN may constitute impediments in the bid to ensure security of customers data in Banks.
Speaking at a virtual Media Parley, Dr. Olatunji disclosed that the directive, if implemented, will pose some challenges to both the banks and the customers.
He hinted that the Commission has scheduled a meeting with the CBN to amicably seek other options, while pointing out the dangers of accessing customers’ social media handles by banks.
According to him, “The CBN mandate is wrong. To access customers’ data; data consent is required from the data subjects.”
He further noted that banks will be at risk handling such customers’ data as these are prone to easy cyberattack and penetration, while banks can be blamed for such breaches.
Dr. Adetunji pointed out that the current KYC parameters are sufficient as they already have other means of identifying customers.
The NDPC, which was recently established as a full-fledge Commission under the Federal Government, operated as a Board under the National Information Technology Development Agency (NITDA) until the Bill establishing it as an independent Commission to implement the Nigeria Data Protection Regulation (NDPR) was signed into law on June 12, 2023.
By the Act, all government Ministries, Departments and Agencies (MDAs), including private organisations are to comply by the NDPR, and the regulatory dictates of the Commission.
