Data Protection Breach: NITDA fines Company, Commends Efforts

The Information Technology Development Agency (NITDA) has imposed a fine of Five million Naira only (5, 000, 000. 00) on Electronic Settlement Limited.

This was disclosed in a statement signed by Mrs Hadiza Umar, Head, Corporate Affairs and External Relations of NITDA.

The fine was one of the decisions reached after an “investigation process on the personal data breach by Electronic Settlement Limited”.

According to the NITDA , “The Information Technology Development Agency (NITDA) has concluded its investigation process on the personal data breach by Electronic Settlement Limited.

“The investigative process involved an analysis of the company’s applications and websites; visit to the company’s office in Lagos, review of its technical documents as submitted to the Agency and interrogation of its officials by NITDA investigation team in Abuja. At the end of the process, have established that there was a data breach involving the company.”

NITDA however commended the company for the efforts made to.mitigate the breach.

Mrs Umar said, “ commend Electronic Settlement Limited for the actions taken to mitigate this breach. Particularly, ’s taking full for the breach, updating identified security issues, cooperation with NITDA investigation team, recruitment of a data protection organization, submission of its annual NDPR audit report and generally improving its with the NDPR.  The company’s actions demonstrate its sense of and duty to protect the data of Nigerians and customers in general.

“The objective of our investigation was to assess the risk resulting the breach, with a view to identifying the causes, remedial actions taken and other necessary issues to avoid recurrence         . The company has been well briefed on our prescriptions for better information security and protection of personal data.”

However the statement said, “In with the NDPR and the need to prevent a repeat of this unfortunate breach, NITDA has directed as follows: “Electronic Settlement Limited shall be under a six-month information technology oversight by NITDA. The oversight shall involve oversight of implementation of prescribed security controls and processes.

“That a clear data security and governance document is drawn up between the Electronic Settlement Limited and all its Information Technology services vendors identifying roles, responsibilities and processes involved in securing and protecting personal data.

“That the company conduct regular NDPR training for all staff, publish and appropriate policies as required by the NDPR.

“Submit 2020/2021 regulatory audit as required by Article 4.1.6 of the NDPR, conducted by a Data Protection Organization (DPCO) as licensed by NITDA.

“Conduct Data Protection Impact Assessment on some data intensive applications and products.Payment of the sum of Five million Naira only (5, 000, 000. 00) as fine in line with the requirements of the NDPR.

thank the public for its continued interest in ensuring the full implementation of the NDPR to safeguard personal data of citizen. NITDA is therefore using this opportunity to encourage every data controller and processor to embark on necessary measures to protect personal data. The Agency has graciously approved the extension of time to file the annual audit report to 30th June, 2021. We further reaffirm our continued commitment to implementing the NDPR vigorously and providing periodic updates to the public with regards to our activities and investigations in discharge of our mandate.”