According to the Nigerian Data Protection Commission (NDPC), an inquiry into the alleged data breach has been launched on three banks, a university, and other suspects.
Vincent Olatunji, the NDPC’s National Commissioner, revealed this in a statement on June 29.
Unauthorized access to private data is referred to as a data breach.
Zenith, Fidelity, Guaranty Trust, and Unity Banks were identified as participants in the interaction, along with Babcock University and Leadway Insurance, among others.
Mr. Olatunji claims that the probe was prompted by complaints from data subjects.
According to him, the commission now has a legal framework to address concerns involving data breaches involving citizens thanks to the new Nigerian Data Protection Act (NDPA).
He said: “In the last few weeks, the NDPC has received complaints bordering on unlawful data processing, unauthorized access to personal data, and violation of data subjects’ rights.
“Under Part 10 of the newly-signed NDPA 2023, a data controller with a turnover of N200 billion yearly may pay as high as N2 billion, which represents two percent of the gross revenue.”
He added: “Not only that, but offenders also risk up to a one-year jail term. We are currently investigating Guaranty Trust Bank, Fidelity, Unity Bank, Zenith Bank, Leadway Insurance, and Babcock University, among others, for a data breach.”
Many micro-finance institutions, according to the NDPC chairman, have not yet adapted their operations to meet privacy and protection standards for personal information.
He added that the Federal Competition and Consumer Protection Commission’s new mandate would subject lending organizations to the law.
Before certifying online lenders, Mr. Olatunji continued, the mandate requires loan organizations to obtain compliance and clearance from NDPC.
“The commission is investigating over 400 complaints in the online lending sector. Soko Loan is already working on a comeback to the digital lending market, but yet to be approved,” said the commissioner.
However, he said that the commission was conducting awareness campaigns to make sure that data controllers were aware of the consequences of a data breach.
The national commissioner claims that the NDPC places more emphasis on raising public awareness than on applying harsh penalties.
Comments