The National Data Protection Commission (NDCP) or National Data Protection Bureau (NDPB) has listed 4 banks and a tertiary institution, among others as currently being investigated for an alleged data breach.
On the list are Zenith Bank, Unity Bank, Fidelity Bank, Guarantee Trust Bank, Leadway Insurance and Babcock University.
According to a statement by NDPC’s head of media, Itunu Dosekun, on Thursday, NDPC commissioner, Dr. Vincent Olatunji said the investigation was set in motion following complaints from data subjects.
He said, “In the last few weeks, the NDPC has received complaints bothering on unlawful data processing, unauthorized access to personal data and violation of data subjects’ rights.”
“We are currently investigating Guarantee Trust Bank, Fidelity, Unity, Zenith banks, Leadway Insurance and Babcock University, among others, for data breach.”
With the establishment of the Nigerian Data Protection Act (NDPA) on June 12th 2023, data collection and usage is no longer business as usual.
The Commission has now been empowered with a legal framework to address issues of citizens’ data breaches.
Per this framework, there are lines of data minimization and purpose limitations that must not be crossed in the process of data collection. There are also prerequisite steps that every Data Controller Organisation (DCO) must take before collecting data from any data subject.
The commissioner said defaulting organizations are going against the law and causing a data breach and such organisations will be fined.
Stating the consequences of breaking the laws of the NDPA, he said; “Under Part 10 of the newly-signed NDPA Act 2023, a data controller with a turnover of N200 billion yearly may pay as high as N2 billion, which represents two percent of the gross revenue.”
“Not only that, offenders also risk up to one-year jail term,” he added.
The NDPC commissioner stated that the commission is out for the protection of the citizens and no data controller is excluded from the law.
“There are provisions in the law to go against any data controller be it private or government office, NGOs, hotels, because we are pro-citizens,” he said.
