Data Breaches And NDPB's Investigation Of 110 Compromised Companies

The present investigation of over 110 companies in Nigeria being carried out by the Nigeria Data Protection Bureau (NDPB) over allegations of a data breach is worth every attention for the simple reason that all over the world, data breaches are not treated with kids' gloves.

News about this investigation was announced on Monday by the National Commissioner of NDPB, Dr Vincent Olatunji in Lagos.

A Review of the Perspective of Data Protection and Breaches in Nigeria

According to DLA Piper's Data Protection Laws of the World website publication (Nigeria context), data protection/privacy is not listed as an item under any of the exclusive, concurrent or residual legislative lists provided in the Nigerian Constitution (as amended).

The implication of this is that both Federal and State legislature can legislate on data protection within the country.

It is also worthy of note that both the federal government and some states in Nigeria are in the process of drafting legislation in this regard.

In October 2022, a draft Federal Data Protection Bill was issued to establish the Nigerian Data Protection Commission, regulate data retention, international data transfers and data breaches.

In addition to the above, one state that has considered issuing its own data protection legislation is Lagos State.

A data protection bill has been issued by the State House of Assembly and the primary objective of the bill is to promote the protection of personal information processed by public and private bodies in Lagos State and establish minimum requirements for the processing and protection of personal information within the state.

AllNews Nigeria commends the Lagos State government for standing out in this exemplary initiative.

 
More on NDPB

According to the National Commissioner of NDPB, the companies being investigated include banks, telecommunications firms, gaming companies, and online lending companies.

‘’We are investigating over 110 data controllers and data processors for various degrees of data privacy and protection breaches. 

“The most worrisome are those in the financial, telecom, gaming, and online lending industries,” he said.

Speaking on the efforts of the Bureau in providing maximum protection of Nigerians’ data in line with the Nigeria Data Protection Regulation, the national commissioner said, “When you factor in the lack of due diligence on the part of data controllers in engaging data processors or vendors that have access to the personal data of customers, you find in some cases abuse and violation of the Nigeria Data Protection Regulation (NDPR) and section 37 of the 1999 Constitution.”

Olatunji noted that the Nigeria Police Force is presently working with the Bureau on this matter.