Time flies with great content! Renew in to keep enjoying all our premium content.
Prime
Co-op Bank, Family, KWFT compensate customer for privacy breach
Co-operative Bank, Family Bank, and Kenya Women Finance Trust (KWFT) were jointly ordered in April to pay Sh650,000 in compensation for unlawfully processing a customer’s personal data.
Commercial lenders Co-operative (Co-op) Bank, Family Bank, and Kenya Women Finance Trust (KWFT) were jointly ordered to compensate a borrower for privacy breaches.
A disclosure by the Office of the Data Protection Commissioner (ODPC) shows that the three lenders were in April ordered to pay Sh650,000 in compensation for unlawfully processing a customer’s personal data, including loan details and contact information.
In the unprecedented case, which is set to impact relationships in the banking industry, Co-op Bank and Family Bank were racing to take over a loan that KWFT was selling, but in the process, they violated the customers’ privacy rights, landing them in trouble with the regulator.
“From the evidence adduced to this office, it is evident that at all material times when the second (Family Bank) and third respondent (Co-op Bank) was handling the complainant’s personal data, it required the complainant’s consent or a lawful basis to process the complainant’s data,” Data Commissioner Immaculate Kassait in her ruling.
The complainant, MN (identity withheld), had taken a loan with KWFT, which the microfinance lender wanted to sell to other banks and unlawfully shared her details – including identification details, loan status, place of work, and phone number – with the prospective buyers.
Banks – particularly smaller ones – often sell loans to free up capital for lending to other customers. In such deals, another bank pays the outstanding principal and any accrued interest, then takes over collecting future interest payments.
Such deals rely on sharing the loan details with prospective buyers, often without the borrowers’ knowledge or permission, which the ODPC now says is illegal and a violation of the customers’ rights.
MN complained to the ODPC last November after both Family Bank and Co-operative Bank officers called regarding KWFT’s plan to sell her loan, which amounted to unlawful processing of her data without consent.
While both banks denied any wrongdoing, Family Bank was nabbed by its admission that the officer who called the customer was its employee, while Co-op Bank was caught in its admission that it collected her data through “market intelligence”, which, in itself, is illegal.
Both lenders were ordered to pay the complainant Sh200,000 for the violation of the consumer’s rights by processing her personal data without consent. KWFT, on the other hand, will pay MN Sh250,000 for illegally sharing her details and failing to fully inform her of what the personal data would be used for.
In a different but almost similar case, Co-op Bank has been ordered to pay another customer Sh50,000 for spamming a customer with messages about a dormant payment till number, which the customer never opened or associated with.
While Co-op Bank said it routinely opens till numbers for all customers as a value-added service, the regulator sided with the complainant, faulting the bank for failing to fully disclose how her personal data would be used when opening the account.
The Kenya Bankers Sacco also landed in trouble with the regulator after a customer accused it of sharing her loan details with two separate guarantors for different loans without her consent. It was ordered to pay Sh50,000 to the customer.
The ODPC allows parties to appeal its decisions within 30 days.
