Data breach: FG slams N400m fine on four banks, others

The Nigeria Data Protection Commission has said more than 1000 financial institutions, schools, insurance companies, and consultancy firms are currently undergoing investigations for various degrees of breaches of citizens’ data.This was as the commission’s National Commissioner, Vincent Olatunji, revealed that four major banks and three other institutions faced sanctions and incurred fines totalling N400m for infractions relating to breaches of citizens’ data.Olatunji revealed this on Tuesday during an interactive session with journalists to mark the first anniversary of the signing into law of the Nigeria Data Protection Commission Act by President Bola Tinubu in Abuja.On June 12, 2023, Tinubu assented to the data protection bill to advance privacy rights and other fundamental freedoms both in cyberspace and in analogue transactions.

The legislation allows Nigerians to seek redress from any form of data breach stipulating that citizens’ data is “processed in a fair, lawful and accountable manner”.Recalling with nostalgia, the national commissioner stated, “As of this time last year, we were so unsure if the president would assent to the bill, what if the president didn’t sign it, what would have happened? The bill was passed by the ninth Assembly and usually, when a new government comes in, they want to jettison all that the former government did before it got there. More importantly, it was a new government. I was apprehensive, everyone was worried but I kept faith in God even though I was not sure too and on the 12th of June last year, the president signed it.”Speaking further, Olatunji emphasised that the nation’s data ecosystem has surpassed a value of N10bn due to the multiplier effect of assenting to the bill.

He stressed the commission’s commitment to safeguarding citizens’ data by global best standards and practices, deeming it essential for ensuring its safety, security, and protection.The national commissioner said, “Cumulatively, we have had over 1,000 reports of data breaches between when we started and now. The figure is low because of the low level of awareness among Nigerians.Out of the 1,000 cases, about 400 of them are digital revenue companies that we call loan sharks but the main ones we have conducted investigations in the education sector, financial institutions, real estate, insurance, consulting, and schools and as of today, we have finalised four major investigations and some have paid their remediation fees. In the law, we can fine companies depending on the nature of the breach, impact on the subject and level of cooperation and we got N400m from remediation fees.”