Over alleged data breach The Nigeria Data Protection Commission (NDPC) has said that it has begun investigation of three banks, a university and other suspects.
in a statement on Thursday, June 29. This was disclosed by the National Commissioner of NDPC, Vincent Olatunji.
A data breach involves accessing confidential information without authorisation.
Among those listed for the interaction were Zenith, Fidelity, Guaranty Trust and Unity Banks, as well as Babcock University, Leadway Insurance, among others.
According to Mr Olatunji, the investigation followed complaints from data subjects.
He explained that with the new Nigerian Data Protection Act (NDPA), the commission had been empowered with a legal framework to address issues of citizens’ data breaches.
He said: “In the last few weeks, the NDPC has received complaints bordering on unlawful data processing, unauthorised access to personal data and violation of data subjects’ rights.
“Under Part 10 of the newly-signed NDPA 2023, a data controller with a turnover of N200 billion yearly may pay as high as N2 billion, which represents two per cent of the gross revenue.”
He added: “Not only that, but offenders also risk up to a one-year jail term. We are currently investigating Guaranty Trust Bank, Fidelity, Unity Bank, Zenith Bank, Leadway Insurance and Babcock University, among others, for a data breach.”
The NDPC chief stated that many micro-finance banks had yet to align their operations with data privacy and protection requirements.
He further revealed that loaning organisations would face the law with the new mandate of the Federal Competition and Consumer Protection Commission.
Mr Olatunji added the mandate required loan organisations to seek compliance and clearance from NDPC before approving online lenders.
“The commission is investigating over 400 complaints in the online lending sector. Soko Loan is already working on a comeback to the digital lending market, but yet to be approved,” said the commissioner.
He, however, revealed that the commission was engaging in sensitisation exercises to ensure that data controllers understood the implications of a data breach.
According to the national commissioner, the NDPC prioritises awareness more than the scorched earth enforcement process.