The Office of the Data Protection Commissioner (ODPC) has directed NCBA Bank to pay KSh 250,000 to a customer, Brian Githaiga, over mishandling of his personal data.
Githaiga lodged a complaint after the bank sent his business transaction details to the wrong email address, which he had asked to be corrected multiple times since 2019.
While NCBA claimed it used the data provided, Data Commissioner Immaculate Kassait ruled the bank either “intentionally or negligently violated” Githaiga’s right to data erasure by failing to act on correction requests.
The ODPC noted that both Githaiga and the unintended email recipient notified NCBA, yet the error persisted. Evidence showed sensitive emails were still being sent to the wrong address as late as February 2024.
The bank has 14 days to delete the incorrect email from its system. The ODPC stressed the customer’s right to data rectification and erasure under the Data Protection Act, 2019.
Kenya Insights allows guest blogging, if you want to be published on Kenya’s most authoritative and accurate blog, have an expose, news TIPS, story angles, human interest stories, drop us an email on [email protected] or via Telegram
Share via: