NDPC investigates Gtbank, Zenith, Fidelity, Unity Bank for data breach
FCG reports that the Nigeria Data Protection Commission (NDPC) says it is investigating three banks, a university and other suspects over alleged data breach.
A data breach is an unauthorised access to confidential information.
FCG gathered that the commission listed Zenith, Fidelity, Guarantee Trust Banks, Babcock University, Leadway Insurance, etc., for the interaction.
NDPC national commissioner Vincent Olatunji disclosed this in a statement on Thursday.
According to NAN, Mr Olatunji said the investigation came following complaints from data subjects. He explained that with the new Nigerian Data Protection Act (NDPA), the commission had been empowered with a legal framework to address issues of citizens’ data breaches.
“In the last few weeks, the NDPC has received complaints bordering on unlawful data processing, unauthorised access to personal data and violation of data subjects’ rights,” stated the NDPC chief. “Under Part 10 of the newly signed NDPA 2023, a data controller with a turnover of N200 billion yearly may pay as high as N2 billion, which represents two per cent of the gross revenue.”
He added, “Not only that, offenders also risk up to one-year jail term. We are currently investigating Guarantee Trust Bank, Fidelity, Unity, Zenith banks, Leadway Insurance and Babcock University, among others, for data breach.”
According to him, many micro-finance banks have yet to align their operations with data privacy and protection requirements.
He further revealed that loaning organisations would face the law with the new mandate of the Federal Competition and Consumer Protection Commission.
Mr Olatunji said the mandate required loan organisations to seek compliance and clearance from NDPC before approving online lenders.
“The commission is investigating over 400 complaints in the online lending sector. Soko Loan is already working on a comeback to the digital lending market, but yet to be approved,” said the commissioner.
He, however, said that the commission was engaging in sensitisation exercises to ensure that data controllers understood the implications of a data breach.
According to the national commissioner, the NDPC prioritises awareness more than the scorched earth enforcement process.