Following the recent sanction of two banks for data privacy breach, the Nigeria Data Protection Bureau (NDPB) is currently investigating five other institutions in the finance and education sectors in Ogun State for various data privacy breaches.
The Chief Executive Officers and Vice Chancellor of the affected institutions risk paying two per cent of their gross earnings in the previous year as fine or risk jail term or both, depending on the effect and consequences of the data breaches.
The National Commissioner/CEO of NDPB, Dr. Vincent Olatunji, who confirmed the sanction imposed on two Nigerian banks, told THISDAY in a telephone conversation yesterday that the banks were sanctioned after proper investigation on data privacy and protection was carried on them.
The banks are currently going through a six-month remediation course organised for their Data Controlling Officers (DCOs) and Data Processing Officers (DCOs), he said.
The implementation of the NDPB law commenced recently, after President Bola Tinubu signed it into law.
“NDPB has five institutions in its investigation list and their CEOs will risk paying heavy fine or go to jail after the breaches have been established.
“The minimum fine for data breach is N50 million and the maximum fine is two per cent of their gross earnings in the previous year.
“The two banks that have been sanctioned are currently going through six months remediation course. There are lots of data breaches going on in hospitals, hotels, aviation sector, transportation sector, and schools, which we need to address as government agency,” Olatunji said.
According to him, poor handling of sensitive data had caused lots of harm to people, adding that the NDPB was working with government agencies like the Economic and Financial Crimes Commission (EFCC), National Information Technology Development Agency (NITDA), Nigeria Police Force (NPF), Independent Corrupt Practices and Other related Offences Commission (ICPC), among others, to investigate over 110 data controllers and data processors for various degrees of data privacy and protection breaches.
He said lack of due diligence on the part of data controllers in engaging with data processors or vendors that have access to personal data of customers, has led to abuses and violation of people’s rights.
Olatunji said the NDPB law would ensure a sustainable digital economy and also strengthen the Nigerian economy, adding that the NDPB is putting plans in place to create 500,000 jobs in order to close the capacity gap in the sub-sector and help achieve President Tinubu’s goal of creating one million jobs.