Nigeria’s IT clearinghouse, the National Information Technology Development Agency (NITDA) has many financial institutions and government agencies under its surveillance as it investigates possible breach of privacy data in line with provisions of the Nigeria Data Protection Regulation (NDPR) of 2019, IT Edge News has learnt.
By IT Edge News findings, NITDA is increasingly worried over persistent cases of non-adherence among banks and other financial players to the provision of the NDPR which forbids publication, sharing leaking of citizens’ data without their approval or that of any approving authority. Many financial players are not taking adequate steps to ensure customers data are fully protected as spelled out by the NDPR.
NITDA which recently imposed a five million naira fine on Electronic Settlement Limited (ESL) among other sanctions for breach of personal data by the fintech company had signaled its increasing zero tolerance for data protection breaches as defined under the NDPR.
The agency is using a mix of strategies including education, direct warnings, and enforcement actions to ensure compliance with the NDPR, Nigeria’s principal data protection legislation issued by the NITDA on 25 January 2019 pursuant to Section 32 of the NITDA Act 2007 as subsidiary legislation to the NITDA Act 2007.
The Ministry of Communications and Digital Economy, under which NITDA operates, had weeks back urged the agency to be more strict on the enforcement side. The Minister of Communications and Digital Economy, Dr. Isa Ali Ibrahim Pantami, had during the Privacy Week in January asked the NITDA to get tougher in its enforcement of the NDPR.
Last December, NITDA came down hard on the Lagos State Internal Revenue Service (LIRS) over alleged breach of taxpayers.’
Since the NDPR became operational in 2019, NITDA has licensed about 100 Data Protection Compliance Organisations (DCPOs) to help drive compliance to NDPR and in year, the results were outstanding according to Director General, NITDA, Mallam Kashifu Inuwa Abdullahi.
He affirmed: “The NDPR implementation framework has also succeeded in ensuring that within a year of coming on stream, a total of 635 data audit reports were filed by various entities across 13 sectors of the Nigerian economy, just as 15 investigations on alleged data breaches were undertaken while 2,686 jobs were created.”
Data protection is global issue
Data protection is now a serious global issue with authorities clamping down on breaches.
In one report, the UK’s Information Commissioner’s Office (ICO) fined British Airways £20m for a significant data incident that occurred over several months in 2018, resulting in the loss of personal data of over 400,000 staff and customers including banking/payment information.
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy.
Authorities in the US and Europe are also investigating another recent case involving Facebook where about 533 million users of the social media platform had their personal data exposed online.
Considered a major breach with the leakage of personally identifying information of almost half a billion Facebook users. Their exposed information includes names, phone numbers, emails, birthday, biographies, and email addresses, and location among others – all published and made available for free on a hacking forum.
The possible consequences of the breach are frightening, said Dmitry Galov, a security expert at Kaspersky.
He said: “It would not be surprising if attackers were seen using the information obtained from the breach in targeted phishing attacks, whereby attackers send malicious emails that appear to come from a trusted sender.”
37 billion breaches in 2020.
According to Atlas VPN team based on the 2020 Year End Data Breach QuickView Report by Risk Based Security, the number of leaked data records worldwide hit a whopping 37 billion in 2020. It is a 140% increase from 15 billion records in 2019.
The majority — 82% or over 30 billion of data records — were compromised in only five major breach incidents. All of them were a result of misconfigured databases or services.
The most commonly exposed type of data were names, leaked in 46% of data breaches last year. Next up are email addresses, which were compromised in 32% of incidents.
While leaked records reached never-before-seen highs in 2020, the number of actual data breaches shrank by 48%. It went down from 7,553 breaches in 2019 to 3,932 in 2020.
In total, 77% of data breaches last year were caused by outside actors, 16% by insider threats, while the rest is unknown. What is more, 676 breaches last year included ransomware as an attack element — a 100% rise compared to 2019.