| Authority: | APD |
|---|---|
| Jurisdiction: | Angola |
| Relevant law: | Personal Data Protection Act |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | March 2021 |
| Decided: | 2024 |
| Published: | Yes |
| Fine: | US$525,000 |
| Parties: | Banco de Poupança e Crédito “BPC” |
| Case No.: | N/A |
| Appeal: | N/A |
| Original Source: | NADPA-RAPDP |
| Original contributor: | MZIZI Africa |
Banco de Poupança e Crédito (BPC), an Angolan public bank, was fined for violating data protection laws after a document listing terminated employees' personal data was leaked on social media. The violations included inadequate data protection measures, unauthorized disclosure, and processing of personal data without proper authorization, affecting 278 employees.
According to the decision by the Board of Directors of the Angolan Data Protection Agency (APD) in its April 27th deliberation, Banco de Poupança e Crédito (BPC), a public bank in Angola, violated several provisions of the Data Protection Law (LPDP). These violations led to the online leak of a document listing employees affected by terminations at the bank, which was shared on social media.
The incident occurred in the first half of March 2021.
The Board imposed a fine on BPC, payable in the national currency, for committing three infractions: (1) failure to implement adequate technical and organizational measures to protect employees' personal data, (2) breach of the duty of care and confidentiality regarding unauthorized access and disclosure of these data, and (3) processing personal data without authorization from the Agency.
The leaked document contained sensitive personal information, including employee identification numbers, names, job titles, and work addresses, affecting 278 employees subject to termination at BPC.
Banco de Poupança e Crédito, an Angolan public bank, violated several rules of the LPDP.
The full text of the ruling is not available, but press releases concerning it are available below.