According to the Nigeria Data Protection Commission, over 1000 financial institutions, schools, insurance organizations, and consulting firms are currently under investigation for varying degrees of data breaches. This came as the commission’s National Commissioner, Vincent Olatunji, stated that four major banks and three other organizations had been sanctioned and fined a total of N400 million for data breaches involving citizens.

Olatunji stated this on Tuesday, 11 June 2024, during an interactive session with journalists in Abuja to commemorate the one-year anniversary of President Bola Tinubu signing the Nigeria Data Protection Commission Act into law. Tinubu signed the data protection bill on June 12, 2023, in order to improve privacy rights and other fundamental freedoms in both online and analog transactions.

The legislation permits Nigerians to seek remedy from any data breach and mandates that citizens’ data is “processed in a fair, lawful and accountable manner.”

Speaking at the event, Olatunji noted that the nation’s data ecosystem has surpassed a value of 10 billion naira.

He emphasized the Commission’s commitment to securing citizens’ data in accordance with global best standards and practices, calling it crucial for ensuring its safety, security, and protection.

The National Commissioner said, “Cumulatively, we have had over 1,000 reports of data breaches between when we started and now. The figure is low because of the low level of knowledge among Nigerians.

Out of the 1,000 cases, about 400 of them are digital revenue companies that we call loan sharks, but the main ones we have conducted investigations in the education sector, financial institutions, real estate, insurance, consulting, and schools, and as of today, we have finalized four major investigations, and some have paid their remediation fees. In the law, we can fine companies depending on the extent of the breach, impact on the subject, and the extent of cooperation, and we obtained N400m from remediation fees.”

He stated that continuing investigations are being performed concerning data infringement. Olatunji further underlined that the NDPC’s initiatives have led to enhanced compliance with the Nigeria Data Protection Act in both the private and public sectors.

“When we first started, the private sector had a compliance rate of around 49%, whereas the public sector had a rate of 4%. However, private sector compliance is now higher than 55%, while public sector compliance is only 15%, according to Olatunji.

Read Also: Tinubu to Address Nigerians on Wednesday, Democracy Day