According to the Nigerian Data Protection Bureau (NDPB), it is now looking into several suspected data breaches at four banks, one telecoms company, consulting firms, and numerous loan sharks.
Dr. Vincent Olatunji, the National Commissioner/Chief Executive Officer of the NDPB, revealed this yesterday while briefing journalists in Lagos about the bureau’s activities over the previous year. He claimed that the sensitivity of the data at their disposal made an investigation into them necessary.
Olatunji declared that the inquiries will go on as the NDPB prepared to focus searchlights on other, data-rich areas.
He focused in especially on the actions of loan sharks, emphasizing how much suffering they had inflicted on victims.
He claims that the majority of these organizations don’t have official business offices.
The head of the NDPB revealed that the bureau will cooperate with the Independent Corrupt Practices and Other Related Offences Commission (ICPC), National Information Technology Development Agency (NITDA), Federal Competition and Consumer Protection Commission (FCCPC), Nigerian Communications Commission (NCC), Economic and Financial Crimes Commission, and the Federal Competition and Consumer Protection Commission on the investigation (NPF).
“We are investigating over 110 data controllers and data processors for various degrees of data privacy and protection breaches. The most worrisome are those in the financial and the telecoms sectors. Four banks, online lending companies, one telecoms company and one gaming company are being investigated.”
“The vulnerabilities in these sectors are high partly due to the capabilities of intrusive mobile apps. When you factor in lack of due diligence on the part of data controllers in engaging data processors or vendors who have access to personal data of customers, what you see in some cases is a pattern of abuses in violation of the Nigeria Data Protection Regulation (NDPR) and section 37 of the 1999 Constitution of the Federal Republic of Nigeria.”
“The position of the government is that those who deal with data have nothing to fear but the consequences of their acts and omissions which may constitute a civil or a criminal liability. We are particularly glad that the Nigeria Police Force are currently working with us in this regard,” he confirmed.
According to Olatunji, who estimated the value of Nigeria’s data business at N5.5 billion, the NDPB has contributed N94 million to government coffers in the two years since its establishment. He emphasized that the NDPB is a business that generates income.
He claims that the agency is currently being funded by NCC, NITDA, and the Nigeria Identity Management Commission (NIMC), all under the direction of the president.
He stated that the Nigeria Data Protection Bill was approved by the Federal Executive Council on January 25, 2023 and that it will be sent to the National Assembly as an executive bill. He also stated that the Legislature has reiterated its readiness to bring the Bill into law.
Olatunji mentioned the creation of the NDPB Strategic Roadmap and Action Plan when speaking of the bureau’s strategic initiatives and results (NDPB-SRAP 2023-2028). He claimed that the goal was to adhere to a road map that was Specific, Measurable, Achievable, Relevant, and Time-Bound from the beginning (SMART).
“Thus, we have put in place five guiding pillars, which are governance; ecosystem and technology; capacity development; cooperation and collaboration and funding and sustainability.”
“In each of these pillars are time-bound goals, activities and outcomes which are carefully crafted to guide the Bureau in the discharge of its mandate.”
“Full automation of the following processes: Nigeria Data Protection Regulation (NDPR) Compliance Audit Returns Filing; NDPR Complaint Process and Data Protection Compliance Organizations (DPCOs) Registration and Licensing,” he stated.
He mentions the National Data Protection Adequacy Programme as well. According to him, this is intended to provide enterprises with a steady path toward establishing suitable technological and organizational safeguards of data privacy protection.
He said that as a result, the number of Data Protection Officers (DPOs) employed by data controllers and processors across Nigeria increased by 400%.
“Licensing of additional 48 Data Protection Compliance Organizations (DPCOs). With this number, we now have 138 DPCOs. This has boosted wealth and job creation in the ecosystem. The cumulative revenue of the sector is estimated at N5.5 billion and over 9, 500 jobs have been created so far. Similarly the rate of NDPR Compliance Audit Returns filing increased from 1229 in 2021 to 1,777 in 2022,” he added.
