TheNewsGuru

Tag: NDPR

  • GTBank, Zenith Bank in trouble over alleged data breach

    GTBank, Zenith Bank in trouble over alleged data breach

    The Nigeria Data Protection Bureau (NDPB) has commenced an investigation into allegations of data breach against Guarantee Trust Bank (GTBank) and Zenith Bank.

    TheNewsGuru.com (TNG) reports Mr Babatunde Bamigboye, Head, Legal Enforcement and Regulations of NDPB said this in a statement issued in Abuja.

    Bamigboye said the investigations were triggered by allegations of unlawful disclosure of banking records to a third party, unlawful access and processing of personal data.

    National Commissioner of NDPB, Dr Vincent Olatunji in the statement said the investigation would cover the data governance practice of the banks in all their branches in Nigeria.

    He said this would extend to all third parties carrying out their data processing activities.

    “The bureau notes with concern that many data privacy and protection regulations and best practices are hardly implemented down to the organizational strata of major data controllers in Nigeria.

    “Similarly, the bureau enjoins rganisations  to heed the Federal Government circulars and general compliance notice directing them to send the names of their Data Protection Officers/Contacts to the Bureau.

    “There are reports by Nigeria Inter Bank Settlement System (NIBSS) which indicated that within nine months of 2020, fraudsters attempted 46,126 attacks and they were successful with 41,979 occasions representing 91 per cent of the time.

    “This level of vulnerability to data breach is unacceptable,” he said.

    According to him, such attacks can only be addressed through foolproof data security and data privacy measures by data controllers,data processors in the industry.

    Olatunji, however, enjoined all financial institutions to emulate the Central Bank of Nigeria in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 by creating a robust data governance system.

    He also called on all organisations to leverage on the ongoing National Privacy Week to set their records straight on how they handle the data of citizens.

    Olatunji added that enforcement measures would be taken against wilful violators of privacy rights going forward.

  • Buhari appoints Olatunji NDPB pioneer national commissioner

    Buhari appoints Olatunji NDPB pioneer national commissioner

    President Muhammadu Buhari has approved the appointment of Dr Vincent Olatunji, as the National Commissioner/Chief Executive Officer of the Nigeria Data Protection Bureau (NDPB).

    The approval followed a request made by the Minister of Communications and Digital Economy, Prof. Isa Pantami.

    This is contained in a statement issued by Mrs Uwa Suleiman, Spokesperson of the Minister, on Friday in Abuja.

    The NDPB, she said, was established in line with global best practice and would focus on data protection and privacy for the country, among others.

    “The successful implementation of the National Digital Economy Policy and Strategy (NDEPS) for a Digital Nigeria has significantly increased the adoption of data platforms and accelerated the datafication of our society.

    “This has increased the importance of having an institution that focuses on data protection and privacy,” she said.

    She further explained that the issuance of Nigeria Data Protection Regulation (NDPR), subsidiary legislation to the National Information Technology Development Agency (NITDA) Act 2007, increased awareness about the need for data protection and privacy.

    She said that the NDPB would be responsible for consolidating the gains of NDPR and support the process for development of a primary legislation for data protection and privacy.

    Newsmen reports that Olatunji holds a PhD in Geography and Planning from the University of Lagos and an Advance Diploma in Computer Science.

  • Privacy: NITDA searches for local alternatives to WhatsApp, Twitter, Facebook

    Privacy: NITDA searches for local alternatives to WhatsApp, Twitter, Facebook

    The National Information Technology Development Agency (NITDA) has said it will organize a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social media platforms such as WhatsApp, Facebook and Twitter.

    TheNewsGuru.com (TNG) reports this is contained in a public advisory issued by NITDA and released on Tuesday by it’s Head of Corporate Affairs and External Relations, Mrs. Hadiza Umar to address WhatsApp’s recent privacy policy changes and the implications for Nigerian users.

    According to the public advisory, to understand the issues bothering on WhatsApp’s recent privacy policy changes, NITDA in collaboration with the African Network of Data Protection Authorities had engaged Facebook Incorporated, the owners of Whatsapp platform, specifically, its global Policy officials on 9th April, 2021.

    “Nigeria’s engagement with Facebook continues. We have given them our opinion on areas to improve compliance with the NDPR. We have also raised concerns as to the marked difference between the privacy standard applicable in Europe, under the GDPR and the rest of the world.

    “Given the foregoing and other emerging issues around international technology companies, NITDA, with stakeholders, is exploring all options to ensure Nigerians do not become victims of digital colonialism. Our national security, dignity and individual privacy are cherished considerations we must not lose.

    “Because of this, we shall work with the Federal Ministry of Communications and Digital Economy to organize a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social platforms,” the public advisory reads.

    Read public advisory in full below:

    PUBLIC ADVISORY

    WHATSAPP PRIVACY POLICY CHANGES: IMPLICATION FOR NIGERIAN USERS

    The National Information Technology Development Agency (NITDA) under Section 6 (f) of the NITDA Act 2007 wishes to provide this advisory to Nigerians to address Nigerian concerns on changes to Whatsapp Terms of Service and Privacy Policy which took effect on 15th May, 2021. Millions of Nigerians use Whatsapp platform for business, social, educational, and other purposes. The platform is the social media platform of choice for many Nigerians.

    To understand the issues and give an opportunity to explain its views, NITDA in collaboration with the African Network of Data Protection Authorities engaged Facebook Incorporated, the owners of Whatsapp platform, specifically, its global Policy officials on 9th April, 2021. After the engagement, NITDA, as Nigeria’s data privacy regulator, wishes to advise Nigerians on how Facebook’s business decision affects their privacy rights.

    What Has Changed?

    Facebook acquired Whatsapp in February 2014. Facebook currently has over 2.5 billion users globally, while Whatsapp has over 2 billion users. Whatsapp shared a reviewed Privacy Policy on 4th January 2021, informing its users outside the European Union that it would now share their information with Facebook and its sister companies.

    Datasets collected by Whatsapp

    Whatsapp collects the following information on users:

    • account information;
    • messages (including undelivered messages, media forwarding);
    • connections;
    • status information;
    • transactions and payments data;
    • usage and log information;
    • device and connection information;
    • location information;
    • cookies etc.

    Other information collected by Whatsapp include:

    • battery level;
    • signal strength;
    • app version;
    • browser information;
    • mobile network;
    • connection information (including phone number, mobile operator or ISP), language and time zone;
    • Internet Protocol address;
    • device operations information;
    • social media identifiers.

    The new policy best renders the platform’s information sharing practices with Facebook and its companies-

    “As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the Facebook Company Products…”

    Whatsapp shares the above listed information and the following with the Facebook company:

    • account registration information;
    • details on how users interact with others;
    • mobile device information;
    • Internet Protocol address;
    • Location data etc.

    The Facebook Team confirmed that private messages shared on WhatsApp consumer version are encrypted and not seen by the company. But the metadata (data about the usage of the service) which is also personal information is shared with other members of the Facebook Group.

    Whatsapp users are at liberty to decide on giving consent to the processing of their data based on the new privacy policy. The Nigeria Data Protection Regulation (NDPR) recognizes consent (a clear, unambiguous expression of privacy terms communicated by the controller and accepted by the Data Subject) as one of the lawful basis for data processing. Acceptance of the new privacy policy and terms of use implies that user data would now be shared with Facebook and other third parties. Users will now be subject to the terms and policies of Facebook and other receiving entities with or without being direct subscribers to such services.

    Advise

    As a result of the foregoing, NITDA advises as follows:

    • Nigerians may wish to note that there are other available platforms with similar functionalities which they may wish to explore. Choice of platform should consider data sharing practices, privacy, ease of use among others; and
    • Limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the bases of business exigency.

    Nigeria’s engagement with Facebook continues. We have given them our opinion on areas to improve compliance with the NDPR. We have also raised concerns as to the marked difference between the privacy standard applicable in Europe, under the GDPR and the rest of the world.

    Given the foregoing and other emerging issues around international technology companies, NITDA, with stakeholders, is exploring all options to ensure Nigerians do not become victims of digital colonialism. Our national security, dignity and individual privacy are cherished considerations we must not lose. Because of this, we shall work with the Federal Ministry of Communications and Digital Economy to organize a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social platforms.

  • NITDA issues supplementary guidelines to data protection regulation

    The National Information Technology Development Agency (NITDA) has issued the Management of Personal Data by Public Institutions in Nigeria 2020 guidelines, as a supplementary to the Nigeria Data Protection Regulation (NDPR) of 2019.

    Its Head, Corporate Affairs and External Relations, Mrs Hadiza Umar, disclosed this on Monday in a statement issued in Abuja.

    Umar said the guidelines were to enable the agency to implement its regulatory mandate.

    “The guidelines stipulate the requirements for the processing of personal data by public institutions in Nigeria.

    “It is issued to reinforce the implementation of the NDPR, while all the principles and provisions of the NDPR remain valid and applicable to all Nigerians including public institutions.

    “The guidelines require all public institutions and any entity co-owned by the government to process all personal data of Nigerians and Data subjects in the country in line with best practices and highest standards.

    “It takes cognisance of the fact that some public sector data processing may be founded on vital or public interest, so it requires public data controllers and processors to be ethical and professional.

    “It also mandates the use of secure technology and automated processes for personal data by Public Institutions, in line with the requirements of the National Digital Economy Policy and Strategy,” she said.

    Umar added that all public institutions holding and processing personal data were required to securely digitise all personal databases within 60 days from the issuance of the guidelines.

    According to her, public institutions are required to maintain the highest level of information security to guarantee confidentiality, integrity, availability and resilience of all databases within their control.

    She also recognised that there could be need for collaboration between the public and private sector to tackle emergencies or other state-led interventions for the benefit of citizens.

    The official, however, said the guidelines provided a strict framework for such collaborations to ensure that the privacy of Nigerians was not unduly infringed.

    “The COVID-19 pandemic, for example, has brought up the need for more personal data use to limit the spread of the virus.

    “While we recognise the existence of constitutional limitations on privacy rights in the interest of public health and safety, such limitations must be based on defined frameworks.

    “NITDA implores all concerned parties to comply strictly with the requirements of these guidelines and seek professional guidance from licensed Data Protection Compliance Organisations,” Umar said.

    She aidd that the agency would ensure adequate compliance to the NDPR and other guidelines through monitoring, as well as sanction defaulting institutions as provided in NITDA and NDPR Act.

    Umar urged all concerned parties to study the guidelines diligently, apply them accordingly and reach out to the agency for further clarifications.

    She encouraged data processors and controllers to find available regulatory guidelines on the agency’s website: www.nitda.gov.ng.

    The NDPR outlines the need to safeguard the right of natural persons to data privacy, fosters safe conduct for transactions involving the exchange of Personal Data, prevents personal data manipulation among other objectives.

  • Data protection: NITDA extends deadline for initial data audit report filing

    Data protection: NITDA extends deadline for initial data audit report filing

    The National Information Technology Development Agency (NITDA) has granted a three-month extension period that will elapse on Friday 25th October 2019 for the filing of initial audit report for every data controller and processor.
    TheNewsGuru (TNG) reports Dr Isa Ali Ibrahim Pantami, Director General/Chief Executive Officer (CEO) of the NITDA and Chief Information Technology Officer of Nigeria made this known in a statement in Abuja.
    This is following a series of consultations held by the agency with various industry and government stakeholders on the implementation of the Nigeria Data Protection Regulation (NDPR).
    According to the statement, the overwhelming consensus of all stakeholder groups is that the NDPR is an appropriate regulation that would help provide clarity for data controllers and processors on the rights of data subjects, basis of processing personal data and transfer of data outside Nigeria among others.
    “NITDA is pleased to note that stakeholders including other Sector Regulators, Government, Banks, Industry groups, Private Sector players among many others, have shown tremendous willingness towards compliance with the NDPR.
    “Consequently, Article 4.1(5) of the NDPR requires Data Controllers to submit an initial audit report within six months of issuance of the Regulation (which lapsed on 25th July, 2019).
    “Several Data Controllers have appealed for an extension of time to meet this obligation. Therefore, NITDA is hereby granting a three-month extension for the conduct of the initial audit report for every data Controller and Processor. This extension period would elapse on Friday 25th October 2019.
    “This extension of time for the purpose of audit filing does not limit NITDA’s right to investigate and enforce other allegations of breach made against any Data Controller or Processor pursuant to the NDPR and the NITDA Act 2007,” the statement read.
    TNG reports NITDA is a Federal Government Agency established in 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country.
    Specifically, Section 6(a,c) of the Act mandates the NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria.
    The Act also mandates the NITDA to develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields.