The Nigerian Data Protection Bureau (NDPB) is currently looking into five more organizations in the finance and education sectors in Ogun State for a variety of data privacy violations following the recent sanctions of two banks for data privacy violations.
Depending on the impact and outcomes of the data breaches, the Chief Executive Officers and Vice Chancellor of the affected institutions may be required to pay a fine equal to 2% of their gross annual earnings or serve time in prison, or maybe both.
In an interview yesterday, Dr. Vincent Olatunji, National Commissioner/CEO of NDPB, who confirmed the suspension placed on two Nigerian banks, said that the institutions were sanctioned following a thorough assessment into their data privacy and protection practices.
The banks are currently going through a six-month remediation course organised for their Data Controlling Officers (DCOs) and Data Processing Officers (DCOs), he said.
The implementation of the NDPB law commenced recently, after President Bola Tinubu signed it into law.
“NDPB has five institutions in its investigation list and their CEOs will risk paying heavy fine or go to jail after the breaches have been established.
“The minimum fine for data breach is N50 million and the maximum fine is two per cent of their gross earnings in the previous year.
“The two banks that have been sanctioned are currently going through six months remediation course. There are lots of data breaches going on in hospitals, hotels, aviation sector, transportation sector, and schools, which we need to address as government agency,” Olatunji said.
According to him, poor handling of sensitive data had caused lots of harm to people, adding that the NDPB was working with government agencies like the Economic and Financial Crimes Commission (EFCC), National Information Technology Development Agency (NITDA), Nigeria Police Force (NPF), Independent Corrupt Practices and Other related Offences Commission (ICPC), among others, to investigate over 110 data controllers and data processors for various degrees of data privacy and protection breaches.
He said lack of due diligence on the part of data controllers in engaging with data processors or vendors that have access to personal data of customers, has led to abuses and violation of people’s rights.
Olatunji said the NDPB law would ensure a sustainable digital economy and also strengthen the Nigerian economy, adding that the NDPB is putting plans in place to create 500,000 jobs in order to close the capacity gap in the sub-sector and help achieve President Tinubu’s goal of creating one million jobs.