A borrower’s right to data privacy is not negotiable

Take a moment to think about how much effort and resources went into launching your digital lending business and look with optimism on the challenges that may lie ahead; nothing gets your heart racing several miles per minute like the chance that you may not recover your loans right? You worry about why Nigerians don’t pay back their loans.

Have you reached a roadblock brainstorming on a more effective loan recovery process and you find yourself toying with the idea of taking defaulters’ identities public and hoping the bad exposure somehow encourages them to repay?

Before you romanticize that idea further…

Here’s what you need to know

The National Information Technology Development Agency (NITDA) is the regulator for Information Technology in Nigeria; this makes them the authority on how you conduct your digital lending business and data privacy. Following global standards, such as the GDPR, NITDA created the Nigerian Data Protection Regulation (NDPR) in 2019 which stipulates how to collect, process and protect data in accordance with lawful practice and with consent from the Data Subject.

Here are a few of the laws you would be violating once you act on this idea

1. Article 2.5 and 3.1(7) of the NDPR: Use of non-conforming privacy notice
2. Articles 2.2 and 2.3 of the NDPR: Insufficient lawful basis for processing personal data
3. Article 2.2 of the NDPR: Illegal data sharing without appropriate lawful basis

And here are the consequences for such actions

In addition to any other criminal liability, any entity subject to the NDPR whose actions are found to constitute a breach of the data privacy rights of the Data Subject are subject to the following penalties:

1. In the case of a Data Controller dealing with more than 10,000 Data Subjects: a fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira is payable; whichever is greater.
2. In the case of a Data Controller dealing with less than 10,000 Data Subjects: a fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million Naira is payable, whichever is greater.

We urge you to think again, deeply. Now, cross that idea off your whiteboard.

In 2021, the NITDA clamped down hard on some lenders for abusing their borrowers’ data and breaching their privacy rights. These lenders accessed borrowers’ contact list from their mobile app and sent broadcast messages to those on their contact list; reporting said borrowers for defaulting on loan repayments. Despite the penalties, some still continue to conduct their business in this way; involving people who are non- partisan to the agreement between borrower and lender and did not consent to their data being accessed and used in this way. Customers of these companies who have been subject to this have reported these messages as defamatory, threatening and harassing. Some go as far as abusive language and curses. *covering our face from second-hand embarrassment*.

Don’t get us wrong; we understand the frustration that comes with borrowers defaulting on loan repayments, stacking up your liabilities and hampering efficient operation of your lending business. How are you expected to scale as a lender if your borrowers don’t pay you back? At Lendsqr we support multiple lenders with running their business and work with them to access an array of borrowers’ data ethically and with their consent; we don’t reach out to borrowers’ contacts about loans they are not a part of and even guarantors’ permission is required before they are attached to any loan. Protecting borrowers’ rights to privacy is a priority for us and despite working with several lenders, we never share borrowers’ information across lenders even if they have borrowers’ in common.

Lendsqr protects borrowers’ data privacy but we also protect lenders from bad borrowers. We believe borrowers should be held accountable for loans not repaid. The option to blacklist bad actors exists where such borrowers are blocked from accessing a lender’s services when their behavior has fallen short of the terms of agreement; the case for an industry blacklist is an ongoing conversation. Bad borrowers are also reported to credit bureaus and blocked from getting loans on other platforms.

Don’t underestimate the power of the ecosystem

Operating on a LaaS platform provides a lot more data to increase immunity from bad borrowers. We have partnered with the CRC Credit Bureau for the lenders who run their business with us.

At this point, we have to emphasize the importance of A-grade customer service in a digital lending business. Delays on loan repayments are sometimes reported by the borrowers themselves; they may have tried to reach out to you with an explanation for the delay or to report if something may have gone wrong with the repayment process. Not every customer who delays may be a bad actor. Constant follow-ups, reminders, agents’ responsiveness and availability are things your business stands to benefit greatly from if harnessed properly.

If the way you operate your lending business currently breaches borrowers’ data privacy, we urge you to stop. Gaining a reputation as a predatory lender does more harm to your business in the long run. You might recover some loans in the short run but good borrowers may begin to avoid you while the bad borrowers will flock to your platform knowing the scare tactics don’t reflect an actual capability of catching them. The possibilities of scaling as a lender; partnering with other businesses and providing credit in various forms are endless; conducting your operations in blatantly unethical ways deters good companies from wanting to work with you. Your growth becomes limited.

A successful lending business must be ethical and sustainable

Want to hear a secret? If a public shaming seems like your only/best option, then it’s an indicator your loan collection process could use some work. Data and tech are the ultimate dynamic duo and they make all the difference; plug into an existing ecosystem and watch your efficiency skyrocket. Trust us on this. What you want is a business that works and people can trust.

Protecting borrowers’ data is every lender’s responsibility. Even if you don’t use it unethically, it is your responsibility to make sure third parties don’t have unlawful access to said data. Evaluate the security of your platform as often as necessary, upgrade it if need be and ensure your customers’ data is well taken care of always.