Data Bureau investigates GTBank, Zenith for alleged data breach; lauds CBN
The Nigeria Data Protection Bureau (NDPB) has begun investigation into allegations of data breach by two Nigerian banks, GTBank and Zenith Bank.
The banks were alleged to have been involved in unlawful disclosure of banking records to a third party and unlawful access and processing of personal data.
The national commissioner of NDPB, Dr. Vincent Olatunji, disclosed that the investigation covers the data governance practice of the banks in all their branches in Nigeria and extends to all third parties carrying out data processing activities.
The bureau said that many data privacy and protection regulations and best practices are hardly implemented down the organisational strata of major data controllers in Nigeria.
It urged organisations to heed the Federal Government circulars and general compliance notices directing them to send the names of their data protection officers/contacts to the bureau.
Reports by the Nigeria Inter-bank Settlement System (NIBSS) indicated that within nine months of 2020, fraudsters attempted 46,126 attacks and they were successful in 41,979 occasions – representing 91 per cent of the time.
“This level of vulnerability to data breaches is unacceptable and it can only be addressed through foolproof data security and data privacy measures by data controllers/data processors in the industry”, the bureau said.
The national commissioner enjoined all financial institutions to emulate the example of the Central Bank of Nigeria (CBN) in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and in creating a robust data governance system.
A statement by the bureau’s head, legal enforcement and regulation, Babatunde Bamigboye, Esq., said the National Privacy Week is an opportunity for all organisations to set their records straight on how they handle the data of citizens. Enforcement measures will be taken against willful violators of privacy rights forthwith.