Banks, telcoms, oil firms to lose 2% revenue for data breach – FG

Commercial banks, telecommunications companies, and other organisations will lose two percent of their annual revenue to the Federal Government for any breach of their customers’ data, the Nigeria Data Protection Commission (NDPC) has said. Olatunji said, depending on the impact on the victim and other factors, the sanctions could be more or less severe. He said: “At the core of the NDPR is the essence of respect – respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA”. . .

Our firm stands ready to assist your organization by conducting comprehensive risk assessments, compliance audits, and gap analysis against ISO 29100 and relevant frameworks. We provide actionable recommendations and support for remediation efforts, ensuring alignment with international best practices in data protection. By partnering with us, you can strengthen your organization's data privacy posture, mitigate breach risks, and demonstrate a proactive commitment to respecting digital rights and customer privacy. Let us empower your team to safeguard sensitive information and navigate regulatory challenges with confidence.

If your organization is on this table, then you have to register for our upcoming webinar on "Effectively Auditing ISO 29100; Privacy Framework in the Digital Era", which will be anchored by our very own Managing Partner!

Webinar Details:
Speaker: Orlando Olumide Odejide
Date: 23 May, 2024
Time: 11AM
Registration Link: bit.ly/EAT29100

Adherence to international standards like ISO 29100 can mitigate the risk of regulatory penalties and revenue losses. Register Now!
Larry Osei Ansong’s Post
More Relevant Posts
-
Data Breach Costs Family Bank KES 250,000: ODPC Enforces Right to Data Erasure

In a decisive move, the Office of the Data Protection Commissioner (ODPC) ordered Family Bank to compensate a complainant with KES 250,000 for mishandling personal data. This case, ODPC Complaint No. 616 of 2024, sheds light on critical lessons for organizations, particularly in the finance sector, to strengthen their data management practices. Here are the key takeaways:

1️⃣ Right to Data Erasure is Enforceable: Data subjects have a right to request the deletion of their personal data if it’s no longer necessary or was processed without their consent. Organizations must promptly act on such requests or risk legal and financial consequences.
2️⃣ Data Accuracy is Essential: Financial institutions must implement robust data verification systems to prevent errors. In this case, a mistaken email association led to an unintended data breach, emphasizing the need for strict data accuracy protocols.
3️⃣ Accountability and Compliance Matter: Compliance with Kenya’s Data Protection Act is non-negotiable. The ODPC's decision underscores the accountability required from all data controllers in adhering to data protection laws.
4️⃣ Cost of Non-Compliance is High: The KES 250,000 compensation awarded not only serves as a reminder of the financial penalties that can arise but also highlights the damage to reputation and consumer trust that can result from data mishandling.

🔍 For Businesses: This decision serves as a wake-up call to revisit data protection policies, implement regular audits, and foster a culture of data privacy compliance.

📖 Read our brief summary: https://lnkd.in/dQ-QsBwM

Let’s prioritize data privacy and safeguard consumer trust!

#DataProtection #PrivacyRights #FinanceSector #Kenya #LegalUpdate #Compliance #DataSecurity #ODPC
-
Very interesting but it's just a time bomb in many institutions. Data protection is something that many institutions have not paid keen interest in despite the many international laws on data privacy. Essentially, data protection safeguards information from damage, corruption, or loss and ensures that data is readily available to users through backup, recovery and proper governance. Data privacy is about controlling access to specific data. Data security aims to protect the integrity of the data against internal and external threats of manipulation and malware.
The Office of the Data Protection Commissioner received a complaint from Rose Muigai against NCBA Group, alleging that the bank disclosed her personal data to third parties, who were former employees, without a lawful basis. The Office investigated the complaint and found that the violation occurred between May 2023 and June 2024, after the third parties had ceased working for the bank. The critical question of how the former employees accessed the complainant's personal data without valid credentials or access logs remained unaddressed by the bank. The Office determined that the bank failed to fulfill its obligations under Sections 25(a), 41, and 43 of the Data Protection Act, 2019, which require data controllers to process personal data in accordance with the right to privacy, implement appropriate technical and organizational measures, and report personal data breaches to the Commissioner. Consequently, the Office ordered the bank to compensate the complainant KES 250,000 for the unlawful and unauthorized disclosure of her personal data and issued an enforcement notice against the bank. The determination highlights the importance of robust data protection measures and the consequences of failing to safeguard personal data, even from former employees.
-
What are the consequences of non-compliance with the Nigeria Data Protection Commission- NDPC Protection Regulation (NDPR) https://lnkd.in/ehu9ZchX

The Nigeria Data Protection Commission- NDPC (NDPC) has imposed a fine of ₦555.8 million on Fidelity Bank PLC due to a significant data breach that compromised sensitive #customer information. This penalty serves as a critical reminder for #financial #institutions in #Nigeria regarding the importance of data protection and compliance with the Nigeria Data Protection Commission- NDPC https://lnkd.in/ehu9ZchX.

The breach occurred when Fidelity Bank failed to adequately safeguard customer data, resulting in unauthorized access and potential misuse of personal information. The Nigeria Data Protection Commission- NDPC emphasized that organizations must implement robust security measures to protect personal data and ensure compliance with regulatory standards.

We help you stay informed about data protection regulations and ensure your organization follows the #NDPC to protect customer information. Nigeria Data Protection Commission (Nigeria Data Protection Commission- NDPC) (Fidelity Bank PLC)
NDPC sanctions Fidelity with #555.8m for data breach | Techpression
techpression.com
-
#DataBreach and #DataProtection - another EUR 20,000 fine applied by the Romanian Data Protection Authority (ANSPDCP) following an investigation related to data breach incidents notified by one controller to the #DPA.

ANSPDCP indicates that the investigation was triggered after the controller reported three separate data security breaches, as follows:

🛑 Incident 1: A client reported that a credit was taken out in their name without their #consent. It was found that an employee had unlawfully used the client's credit application and related documents, despite the client having withdrawn the application. The employee conducted unauthorized cash withdrawals and bank transfers, compromising various categories of personal data, including names, personal identification numbers, addresses, phone numbers, and financial details.
🛑 Incident 2: Two employees shared confidential transaction information with a former employee via social media platforms, who then passed it on to the client's relatives. This unauthorized access and disclosure included the client's personal data such as names, personal identification numbers, addresses, account numbers, transaction dates, and amounts.
🛑 Incident 3: A client reported the existence of unsolicited products and missing funds from their account. Internal investigations revealed that an employee had conducted numerous unauthorized operations in the names of multiple clients, including modifying contact details, opening accounts, and requesting credit products.

The investigation concluded that the controller had not implemented sufficient technical and organizational measures to ensure a level of security appropriate to the processing risk, resulting in unauthorized access and disclosure of personal data.

To rectify these issues, the following corrective measures were imposed:

✅ Technical and organizational implementation plan - implement a technical and organizational procedural plan that includes a process for periodic testing, evaluation, and assessment of all actions related to the introduction and updating of personal data for data subjects (clients), including client notification and consent in any form for any modifications to personal data that may be carried out by the employees of the controller.
✅ Regular employee training and information dissemination - ensure regular awareness regarding the risks of unauthorized processing of personal data by employees, the dissemination of this information is required at intervals of no more than six months, including the necessity of proving acknowledgment by each employee who has access to personal data and responsibilities in the current data processing activities of clients.

These measures offer valuable and practical guidance, especially on ANSPDCP expectations on regular employee trainings and internal dissemination of information.

Link to the press release in the first comment (Romanian).

#GDPR #Compliance #PrivacyMatters
-
🔔 New Publication Alert! 🔔 Excited to share the latest paper co-authored by our Chairman, Prof. Abu Bakar Munir, published in the Journal of Central Banking Law and Institutions (JCLI). This paper explores the critical challenges of cybersecurity and personal data protection (PDP) in the banking and financial sector. With the rise of cyberattacks, including ransomware, ensuring compliance with Indonesia’s UU ITE and UU PDP regulations becomes crucial. It also explores the importance of a unified Data Breach Notification system, drawing parallels with the EU GDPR. 📖 Read the full paper: https://lnkd.in/eX3kptWU
MANAGING INDONESIAN DATA BREACH NOTIFICATION IN THE FINANCIAL SERVICES SECTOR: A CASE FOR ONE-STOP NOTIFICATION MODEL
jcli-bi.org
-
Navigating Privacy Regulations in Digital Bank Guarantees: Ensuring Compliance, Security, and Client Trust

With the expansion of digital bank guarantees, complying with global privacy regulations like GDPR and CCPA is essential for financial institutions. Proper compliance safeguards client data, builds trust, and ensures financial operations are future-proofed. Here’s how privacy regulations impact digital bank guarantees and what banks can do to stay compliant:

1. Global privacy laws like GDPR and CCPA mandate strict protection of personal data, impacting how digital bank guarantees are managed.
2. Compliance with these laws helps banks avoid costly fines while enhancing customer trust through transparent data practices.
3. By adopting privacy-first practices, banks secure client data, ensuring that sensitive information is protected throughout the guarantee process.
4. Regular audits help identify potential data vulnerabilities, keeping digital guarantee systems up-to-date with security protocols.
5. Encryption of sensitive data is essential, ensuring only authorized personnel can access client information related to bank guarantees.
6. Transparency with clients about data collection, usage, and storage practices fosters trust and aligns with privacy law requirements.
7. Partnering with legal and compliance experts keeps banks informed on evolving regulations, supporting proactive compliance.
8. Privacy compliance also builds the bank’s reputation as a secure, client-centric institution, strengthening relationships with clients.
9. By focusing on regulatory compliance, banks future-proof digital bank guarantees, preparing for any new data protection laws.
10. A compliance-driven approach not only enhances client confidence but also ensures a secure, resilient framework for digital bank guarantees.

Building privacy and compliance into digital bank guarantees isn’t just about meeting regulations; it’s about fostering client trust and securing future growth.

#BankGuarantees #DataPrivacy #GDPR #Fintech #Compliance #DataProtection #FinancialSecurity #ClientTrust #DigitalBanking #FutureProofing
-
https://lnkd.in/dENZ_8JN Nigeria Data Protection Commission- NDPC fines Fidelity Bank PLC the sum of N555,800,000 for #data #breach #Nigeria #Data #Protection #NDPAct2023. #databreach #data #technology #dataprivacy #dataprotection #championingdataprivacyrights
Data Breach: Commission Fines Fidelity Bank Over N500m
https://von.gov.ng
-
Securities and Exchange Board of India (Sebi) penalised NSE Data and Analytics Ltd for its failure to segregate IT infrastructures and manpower between itself and its guardian agency National Stock Exchange (NSE), and has been directed to deposit a penalty of Rs 12 lakh inside 45 days. Sebi recognized irregularities associated to the backup of data and the Business Continuity Plan/Disaster Recovery coverage. There had been additionally delays in sending acknowledgment letters to buyers, inconsistencies in system audit experiences and the cyber safety audit framework. In addition, the corporate additionally didn’t validate KYC data. Sebi the KYC registration company on September 6-7, 2023, to deal with potential violation of regulatory norms and the interval lined April 1, 2022, to July 31, 2023. Sebi stated, “There was no segregation of any IT infrastructures (server, network, data centers and IT security), along with the IT manpower, responsible for handling server management, network, data centers and IT security between the noticee (NSE Data And Analytics) and its parent organization (NSE)”. NSE Data And Analytics responded that they’ve taken many corrective steps.
Sebi imposes Rs 12 lakh penalty on NSE Data And Analytics