The Nigeria Data Protection Bureau (NDPB) said it has launched an investigation into allegations of data breach by Zenith Bank and Guaranty Trust Bank.
The Head of Legal Enforcement and Regulations of NDPB, Mr. Babatunde Bamigboye, said the investigations were triggered by allegations of unlawful disclosure of banking records to a third party, unlawful access, and processing of personal data.
The statement quoted the National Commissioner of NDPB, Dr. Vincent Olatunji, saying that the investigation would cover the data governance practice of the banks in all their branches in Nigeria.
Privacy concern: While noting that the investigation would extend to all third parties carrying out their data processing activities, the NDPB boss said:
- “The bureau notes with concern that many data privacy and protection regulations and best practices are hardly implemented down to the organizational strata of major data controllers in Nigeria.
- “Similarly, the bureau enjoorganizationsions to heed the Federal Government circulars and general compliance notice directing them to send the names of their Data Protection Officers/Contacts to the Bureau.
- “There are reports by Nigeria Inter-Bank Settlement System (NIBSS) which indicated that within nine months of 2020, fraudsters attempted 46,126 attacks and they were successful with 41,979 occasions representing 91% of the time. This level of vulnerability to a data breach is unacceptable.”
According to him, such attacks can only be addressed through foolproof data security and data privacy measures by data controllers, and data processors in the industry. Olatunji, however, enjoined all financial institutions to emulate the Central Bank of Nigeria in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 by creating a robust data governance system.
He also called on all organisations to leverage the ongoing National Privacy Week to set their records straight on how they handle the data of citizens. Olatunji added that enforcement measures would be taken against wilful violators of privacy rights going forward.
For the records: The Bureau had last September announced the launch of investigations into reports of a breach of data privacy involving Wema Bank PLC and KC Gaming Networks (Bet Naija). However, the outcomes of the investigations are yet to be made public.