Data breach: FG slams N400m fine on four banks, others
The Nigeria Data Protection Commission has said more than 1000 financial institutions, schools, insurance companies, and consultancy firms are currently undergoing investigations for various degrees of breaches of citizens’ data.
This was as the commission’s National Commissioner, Vincent Olatunji, revealed that four major banks and three other institutions faced sanctions and incurred fines totalling N400m for infractions relating to breaches of citizens’ data.
Olatunji revealed this on Tuesday during an interactive session with journalists to mark the first anniversary of the signing into law of the Nigeria Data Protection Commission Act by President Bola Tinubu in Abuja.
On June 12, 2023, Tinubu assented to the data protection bill to advance privacy rights and other fundamental freedoms both in cyberspace and in analogue transactions.
The legislation allows Nigerians to seek redress from any form of data breach stipulating that citizens’ data is “processed in a fair, lawful and accountable manner”.
Recalling with nostalgia, the national commissioner stated, “As of this time last year, we were so unsure if the president would assent to the bill, what if the president didn’t sign it, what would have happened? The bill was passed by the ninth Assembly and usually, when a new government comes in, they want to jettison all that the former government did before it got there. More importantly, it was a new government. I was apprehensive, everyone was worried but I kept faith in God even though I was not sure too and on the 12th of June last year, the president signed it.”
Speaking further, Olatunji emphasised that the nation’s data ecosystem has surpassed a value of N10bn due to the multiplier effect of assenting to the bill.
He stressed the commission’s commitment to safeguarding citizens’ data by global best standards and practices, deeming it essential for ensuring its safety, security, and protection.
The national commissioner said, “Cumulatively, we have had over 1,000 reports of data breaches between when we started and now. The figure is low because of the low level of awareness among Nigerians.
Out of the 1,000 cases, about 400 of them are digital revenue companies that we call loan sharks but the main ones we have conducted investigations in the education sector, financial institutions, real estate, insurance, consulting, and schools and as of today, we have finalised four major investigations and some have paid their remediation fees. In the law, we can fine companies depending on the nature of the breach, impact on the subject and level of cooperation and we got N400m from remediation fees.”
He added that ongoing investigations were being conducted concerning data infractions.
Olatunji also highlighted that the activities of the NDPC have led to increased levels of compliance with the Nigeria Data Protection Act in both the private and public sectors.
“When we started, the levels of compliance within the private sector was about 49 per cent while the public sector was 4 per cent. But today, private sector compliance is above 55, while the public sector has reached 15 per cent “, Olatunji said.
The NDPC boss also announced that Nigeria is now at the forefront of the activities of the Global Data Assembly and has impacted the data ecosystem on the national economy as nations like Kenya, Ghana, China, Singapore, and Malaysia, among others.
“The Data Protection Act 2023 is a major milestone for Nigeria. Mr President laid our apprehension to rest when he signed the Act on June 12, 2023. It was a major turnaround for the industry. Now the data ecosystem is beyond everybody because it is a global phenomenon due to the impact of technology.
“In terms of jobs and wealth creation, promotion of tourism, perception and attraction of foreign direct investments into Nigeria, we have taken a leapfrog and even overtaken some countries.
“And that’s why Nigeria was given the hosting right for 2024 All African Data Protection Commission’s and Institutions. About 30 countries would be here next year for the event,” Olatunji said.
He said the commission had concluded arrangements to train 10,000 public servants in responsible data management, while about 1,000 data protection officers and processors including journalists would undergo training by the NDPC.
To check the activities of digital loan platforms, Olatunji said the NDPC collaborated with CBN, ICPC, EFCC, and other regulatory authorities, lamenting that most of the illegal digital loan platforms had no known or traceable addresses.
He, however, emphasised that ongoing efforts would focus on raising awareness among vulnerable Nigerians who fall prey to loan sharks due to lack of knowledge. He noted that the nation’s large population and vast landmass pose challenges to fully clamping down on the activities of digital loan sharks, as many operate from isolated or remote areas without identifiable addresses.