The Nigeria Data Protection Commission has said more than 1000 financial institutions, schools, insurance companies, and consultancy firms are currently undergoing investigations for various degrees of breaches of citizens’ data.
This was as the commission’s National Commissioner, Vincent Olatunji, revealed that four major banks and three other institutions have faced sanctions and incurred fines totalling N400m for infractions related to breaches of citizens’ data.
Olatunji revealed this on Tuesday during an interactive session with journalists to mark the first anniversary of President Bola Tinubu’s signing into law of the Nigeria Data Protection Commission Act in Abuja.
On June 12, 2023, Tinubu assented to the data protection bill to advance privacy rights and other fundamental freedoms both in cyberspace and in analogue transactions.
The legislation allows Nigerians to seek redress from any data breach and stipulates that citizens’ data is “processed in a fair, lawful and accountable manner.”
Speaking at the event, Olatunji emphasized that the nation’s data ecosystem has surpassed a value of 10 billion naira.
He stressed the Commission’s commitment to safeguarding citizens’ data in accordance with global best standards and practices, deeming it essential for ensuring its safety, security, and protection.
The National Commissioner said, “Cumulatively, we have had over 1,000 reports of data breaches between when we started and now. The figure is low because of the low level of awareness among Nigerians.
Out of the 1,000 cases, about 400 of them are digital revenue companies that we call loan sharks, but the main ones we have conducted investigations in the education sector, financial institutions, real estate, insurance, consulting, and schools, and as of today, we have finalised four major investigations, and some have paid their remediation fees. In the law, we can fine companies depending on the nature of the breach, impact on the subject, and level of cooperation, and we got N400m from remediation fees.”
He added that ongoing investigations are being conducted concerning data infractions.
Olatunji also highlighted that the NDPC’s activities have led to increased compliance with the Nigeria Data Protection Act in both the private and public sectors.
“When we started, the levels of compliance within the private sector was about 49 per cent while the public sector was 4 per cent. But today, private sector compliance is above 55, while the public sector has reached 15 per cent,” Olatunji said.