Details - NDPC

NDPB Investigates Banks, Others Over Alleged Data Breaches

Nigeria Data Protection Bureau (NDPB) is investigating four banks, one telecommunications firm, consulting firms and a large number of loan sharks for various alleged data breaches, according to Dr. Vincent Olatunji, National Commissioner/Chief Executive Officer, NDPB. Olatunji said investigations would continue as NDPB planned to beam searchlights on other sectors, which are heavy on data. He was briefing journalists in Lagos about the activities of the bureau in the last one year and said the need to investigate them became necessary because of the sensitivity of data at their disposal. He particularly emphasised the activities of loan sharks, stressing that they have caused lots of pain to people. According to him, most of these organisations have no formal business office The NDPB boss, who said loan seekers most times fail to actually read the terms and conditions before embarking on the loan journey, disclosed that on the investigation, the bureau will work with National Information Technology Development Agency (NITDA), Federal Competition and Consumer Protection Commission (FCCPC), Nigerian Communications Commission (NCC), Independent Corrupt Practices and Other Related Offences Commission (ICPC), Economic and Financial Crimes Commission (EFCC) and the Nigeria Police Force (NPF). “We are investigating over 110 data controllers and data processors for various degrees of data privacy and protection breaches. The most worrisome are those in the financial and the telecoms sectors. Four banks, online lending companies, one telecoms company and one gaming company are being investigated. “The vulnerabilities in these sectors are high partly due to the capabilities of intrusive mobile apps. When you factor in lack of due diligence on the part of data controllers in engaging data processors or vendors who have access to personal data of customers, what you see in some cases is a pattern of abuses in violation of the Nigeria Data Protection Regulation (NDPR) and section 37 of the 1999 Constitution of the Federal Republic of Nigeria. “The position of the government is that those who deal with data have nothing to fear but the consequences of their acts and omissions which may constitute a civil or a criminal liability. We are particularly glad that the Nigeria Police Force are currently working with us in this regard,” he stressed. Olatunji, who put the worth of Nigeria’s data industry at N5.5 billion, said within the last two years of the creation of NDPB, the bureau has added N94 million to government coffers. He emphasised that NDPB is a revenue generation agency According to him, NCC, NITDA and the Nigeria Identity Management Commission (NIMC), as directed by the presidency, are currently funding the bureau. He said the Federal Executive Council on January 25, 2023, approved the Nigeria Data Protection Bill and will be transmitted to the National Assembly as an Executive Bill, adding that the Legislature has reiterated its preparedness to pass the Bill into law. On the bureau’s strategic initiatives and outcomes, Olatunji said there is the development of NDPB Strategic Roadmap and Action Plan (NDPB-SRAP 2023-2028). He said the resolve from day one was to follow a road map that is Specific, Measurable, Achievable, Relevant, and Time-Bound (SMART) “Thus, we have put in place five guiding pillars, which are governance; ecosystem and technology; capacity development; cooperation and collaboration and funding and sustainability. “In each of these pillars are time-bound goals, activities and outcomes which are carefully crafted to guide the Bureau in the discharge of its mandate. “Full automation of the following processes: Nigeria Data Protection Regulation (NDPR) Compliance Audit Returns Filing; NDPR Complaint Process and Data Protection Compliance Organizations (DPCOs) Registration and Licensing,” he stated. According to him, there is also the National Data Protection Adequacy Programme. He said this has been designed to create a gradual pathway for organizations in implementing adequate technical and organizational measures of data privacy protection. This, he said, brought about a 400 per cent increase in the enrollment of Data Protection Officers (DPOs) from data controllers and processors across Nigeria. “Licensing of additional 48 Data Protection Compliance Organizations (DPCOs). With this number, we now have 138 DPCOs. This has boosted wealth and job creation in the ecosystem. The cumulative revenue of the sector is estimated at N5.5 billion and over 9, 500 jobs have been created so far. Similarly the rate of NDPR Compliance Audit Returns filing increased from 1229 in 2021 to 1,777 in 2022,” he added.