Contents

1. Summary
   1. Facts
   2. Holding
2. Comment
3. Further resources
4. The Decision

Summary

A financial institution failed to update the records of a customer. The customer then filed a complaint with the ODPC without reference to the institution. The firm promptly rectified the records once alerted by the ODPC. The complaint was deemed resolved.

Facts

Teresia Karungari (the “Complainant”) was a customer of Branch Microfinance Bank (the “Respondent”). The Complainant averred that she accessed a loan facility from the institution which she repaid in full. She alleges that notwithstanding the repayment the Respondent continued to spam her emails with demands for payment. She stated that she would receive at least 3 emails a day and that this practice went on for months.

The Respondent did not deny the allegations and confirmed that the Complainant had indeed fully repaid the loan advanced to her but that due to an oversight, her details had not been updated and she was retained in the debtors listing resulting in the unintended communication.

Holding

The ODPC held as follows:

• The Respondent had an obligation to ensure the accuracy and correctness of the Conplainants personal data. The Respondent failed to ensure the accuracy and correctness of the data held by them which caused the miscommunication and in so doing violated the provisions of the DPA19.
• The Respondent also has a duty to correct any inaccuracies in personal data held by them. The Complainant did not approach the Respondent in the first instance before getting the ODPC's office. This was notwithstanding the availability of mechanisms to facilitate a resolution, based on the companies privacy policy. The Respondent promptly corrected the Complainant’s records once it was alerted of the complaint by the ODPC.

In the circumstances, the ODPC held that the matter has been resolved successfully.

Comment

The full text of the ruling is available below.

Further resources

Share blogs or news articles here!