The Nigerian Data Protection Commission (NDPC) has initiated an investigation into Babcock University and five other financial institutions over suspected data breaches. The commission, led by National Commissioner Dr. Vincent Olatunji, revealed that the probe was prompted by complaints from data subjects. The new mandate of the Federal Competition and Consumer Protection Commission (FCCPC) now requires loan organizations to obtain compliance and clearance from the NDPC before granting approval to online lenders.
In a statement issued by Mr. Itunu Dosekun, the Head of Media for the commission, it was disclosed that the Nigerian Data Protection Act (NDPA) had provided the NDPC with a legal framework to address issues related to citizens’ data breaches. Olatunji highlighted the gravity of the situation, stating that violations of the NDPA could result in significant penalties. According to Part 10 of the newly-signed NDPA Act 2023, data controllers with a turnover of N200 billion annually could face fines as high as N2 billion, equivalent to two percent of their gross revenue. In addition, offenders may be subject to a one-year jail term.
The financial institutions currently under investigation for alleged data breaches include Guarantee Trust Bank, Fidelity Bank, Unity Bank, Zenith Bank, Leadway Insurance, and Babcock University. Olatunji further emphasized that micro-finance banks must align their operations with data privacy and protection requirements to avoid legal repercussions.
In the online lending sector, the NDPC is investigating over 400 complaints. Olatunji revealed that loan organizations must now seek compliance and clearance from the NDPC, as mandated by the FCCPC, before granting approval to online lenders. While Soko Loan is working on a comeback to the digital lending market, its approval is still pending.
The NDPC is prioritizing awareness and engagement to ensure data controllers fully comprehend the implications of data breaches. The commission seeks to educate rather than solely enforce punitive measures.
It is worth noting that President Bola Tinubu assented to the Nigeria Data Protection Bill, 2023 on June 14, 2023. This bill, proposed by former President Muhammadu Buhari, establishes a legal framework for personal information protection and data processing practices in Nigeria. The Nigeria Data Protection Commission, headed by a National Commissioner, is responsible for regulating personal information processing.
In a related development, the Federal Government previously shut down illegal online money-lending banks on March 11, 2022, for failing to register with the Corporate Affairs Commission (CAC) and engaging in activities violating the rights of Nigerian consumers. These lenders charged exorbitant interest rates and infringed on consumer privacy rights through unethical practices.
The FCCPC has released a regulatory and registration framework for digital lending to address issues such as unethical interest rates and violation of consumer privacy. They are working on a comprehensive framework to guide the operations of digital lenders in Nigeria, aiming to curb unethical lending practices.
As the investigation into Babcock University and other financial institutions unfolds, the NDPC remains committed to safeguarding citizens’ data and enforcing compliance with data protection regulations.