The Nigeria Data Protection Bureau, NDPB, has commenced an investigation into allegations of data breach by some Nigeria banks and topping the list is Zenith Bank.
According to Babatunde Bamigboye, Head, Legal Enforcement and Regulations of NDPB , investigations were triggered by allegations of unlawful disclosure of banking records to a third party, and unlawful access and processing of personal data.
National Commissioner of NDPB, Dr Vincent Olatunji in the statement said the investigation would cover the data governance practice of the banks in all their branches in Nigeria.
He said this would extend to all third parties carrying out their data processing activities.
“The bureau notes with concern that many data privacy and protection regulations and best practices are hardly implemented down to the organizational strata of major data controllers in Nigeria.
Similarly, the bureau enjoins organisations to heed the Federal Government circulars and general compliance notice directing them to send the names of their Data Protection Officers/Contacts to the Bureau.
“There are reports by Nigeria Inter Bank Settlement System (NIBSS) which indicated that within nine months of 2020, fraudsters attempted 46,126 attacks and they were successful with 41,979 occasions representing 91 per cent of the time.“This level of vulnerability to data breach is unacceptable,” he said.
According to him, such attacks can only be addressed through foolproof data security and data privacy measures by data controllers,data processors in the industry.Mr Olatunji, however, enjoined all financial institutions to emulate the Central Bank of Nigeria in compliance with the Nigeria Data Protection Regulation, NDPR, 2019 by creating a robust data governance system.
He also called on all organisations to leverage on the ongoing National Privacy Week to set their records straight on how they handle the data of citizens.Mr Olatunji added that enforcement measures would be taken against wilful violators of privacy rights going forward.