The Nigeria Data Protection Bureau (NDPB) has opened an investigation into allegations of data breach by two Nigeria Banks, namely GT Bank and Zenith Bank.
According to the privacy ombudsman, the investigations were triggered by allegations of unlawful disclosure of banking records to a third party and unlawful access and processing of personal data.
RELATED: NDPR: Nigerian government goes after illegal online banks over privacy violations
According to the directive of the National Commissioner and CEO, NDPB, Dr. Vincent Olatunji, the investigation covers the data governance practice of the banks in all their branches in Nigeria and extends to all third parties carrying out data processing activities.
The Nigeria Data Protection Regulation (NDPR) is the comprehensive regulation on data protection in Nigeria. The NDPR applies to all transactions intended for the processing of personal data.
Banks ignoring data privacy and protection regulations
“The Bureau notes with concern that many data privacy and protection regulations and best practices are hardly implemented down the organizational strata of major data controllers in Nigeria,” the privacy regulated expressed in a statement issued in Abuja this week by Head, Legal Enforcement and Regulation, NDPB, Babatunde Bamigboye.
Adding: “Similarly, the Bureau enjoins organizations to heed the Federal Government circulars and general compliance notice directing them to send the names of their Data Protection Officers/Contacts to the Bureau.
“There are reports by Nigeria Inter Bank Settlement System (NIBSS) which indicated that within 9 months of 2020, fraudsters attempted 46,126 attacks and they were successful in 41,979 occasion representing 91% of the time! This level of vulnerability to data breach is unacceptable and it can only be addressed through foolproof data security and data privacy measures by data controllers/data processors in the industry.
“The National Commissioner enjoins all financial institution to emulate the example of the Central Bank of Nigeria in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and in creating a robust data governance system. The National Privacy Week is an opportunity for all organizations to set their records straight on how they handle the data of citizens. Enforcement measures will be taken against willful violators of privacy rights forthwith.”