Log In
Join for free

Teresia Karungari Vs Branch Microfinance Bank

ODPC Case: Teresia Karungari vs Branch Microfinance Bank
ODPC COMPLAINT NO. 0796 OF 2023

1. Introduction

This case involves a complaint filed by Teresia Karungari against Branch Microfinance Bank for alleged violations of the Data Protection Act, 2019. The complaint pertains to inaccurate loan records and persistent spam communications despite the complainant having cleared her loan.

Table of Contents

2. Nature of Complaint

The complainant, Teresia Karungari, alleged that Branch Microfinance Bank had been sending her multiple daily messages claiming she had not cleared a microfinance loan, despite having settled the loan in 2022. The spam communications persisted for several months, infringing on her data privacy rights.

3. Analysis of Evidence

Complainant’s Position
  • Received three spam messages daily for months regarding an allegedly unpaid loan.
  • Had cleared the loan in 2022, as evidenced by bank records.
  • Sought intervention from the ODPC to stop the communications and rectify the inaccurate records.
Respondent’s Defense
  • Admitted the complainant had cleared her last loan facility on 11th May 2021.
  • Attributed the error to an “oversight” where the complainant’s name remained on a defaulters’ list.
  • Took corrective actions, including updating records, ceasing communications, and reviewing borrower lists.
  • Provided their Data Protection Policy and demonstrated compliance efforts with the Data Protection Act.

4. Issues for Determination

Whether the Respondent violated the principles of data protection under Section 25 of the Data Protection Act, 2019, by failing to maintain accurate and up-to-date personal data, leading to unauthorized communications.

5. Final Determination

  • The Respondent violated Section 25(f) of the Act by failing to ensure the complainant’s data was accurate and up-to-date.
  • The complaint was resolved after the Respondent rectified the records and ceased communications.
  • The case was marked as closed, with parties retaining the right to appeal.

6. Significance and Impact

Data Accuracy
  • Reinforces the obligation of data controllers to maintain accurate records.
  • Highlights the need for proactive measures to prevent inaccuracies.
Consumer Rights
  • Affirms the right to erasure or rectification of inaccurate data under Section 26.
  • Demonstrates the ODPC’s role in enforcing data subject rights.
Organizational Practices
  • Emphasizes the importance of robust data governance systems.
  • Sets expectations for timely corrective actions when errors are identified.

Broader Impact: This case serves as a reminder to financial institutions of their duty to uphold data protection principles, particularly accuracy, and the consequences of failing to do so.

For full determination, click 🗃️

Tags:
I O

I O

Ian Olwana supports African organisations in turning data protection laws into practical, sustainable governance practices.

http://datagovernance.africa

Leave a Reply

Your email address will not be published. Required fields are marked *