NDPC investigates three banks, university, others over data breach

The Nigeria Data Protection Commission (NDPC) has begin an investigation of three deposit money banks, one university and other suspects over data breach.

The commission listed Zenith bank, Fidelity bank, Guaranty Trust (GT) Banks, Babcock University and Leadway Insurance, among others for the suspected infraction.

NDPC’s Head of Media, Mr. Itunu Dosekun, in a statement on Thursday, June 29, 2023, in Abuja, said the development was made known by the National Commissioner of the commission, Dr Vincent Olatunji.

Olatunji said the investigation of these organizations came following complaints from data subjects, explaining that with the new Nigerian Data Protection Act (NDPA), the commission had been empowered with a legal framework to address issues of citizens’ data breach.

“In the last few weeks, the NDPC has received complaints bothering on unlawful data processing, unauthorised access to personal data and violation of data subjects’ rights.

“Under Part 10 of the newly-signed NDPA Act 2023, a data controller with a turnover of N200 billion yearly may pay as high as N2 billion, which represents two percent of the gross revenue.

“Not only that, offenders also risk up to one-year jail term.

“We are currently investigating Guarantee Trust Bank, Fidelity, Unity, Zenith banks, Leadway Insurance and Babcock University, among others, for data breach,” Olatunji said.

He further stated that many micro-finance banks are yet to align their operations with the requirements of data privacy and protection as he revealed that loaning organizations would face the law with the new mandate of the Federal Competition and Consumer Protection Commission (FCCPC).

Olatunji said the mandate required loan organizations to seek compliance and clearance from NDPC before granting approval to online lenders.

“The commission is investigating over 400 complaints in the online lending sector.

“Soko Loan is already working on a come back to the digital lending market, but yet to be approved,’’ the NDPC National Commissioner said,

Olatinji however said that the commission was engaging in serious sensitisation exercise to ensure that data controllers understood the implications of data breaches, noting that it prioritizes awareness more than the scorched earth enforcement process.