National Information Technology Development Agency (NITDA) has fined a Lagos based firm, Electronic Settlement Limited N5 million for Data Protection Breach.
The decision was reached following an investigation into the matter, NITDA said.
The clamp down on the firm according to a statement signed by Hadiza Umar, Head, Corporate Affairs and External Relations, NITDA, was in compliance with the NDPR and the need to prevent a repeat of this unfortunate breach.
The objective of investigating the firm, the statement further was to assess the risk resulting from the breach, with a view to identifying the causes, remedial actions taken and other necessary issues to avoid recurrence.
Umar also said the company has been well briefed on prescriptions for better information security and protection of personal data.
The firm was also placed under a six-month information technology oversight by NITDA. The oversight shall involve oversight of implementation of prescribed security controls and processes.
NITDA also directed the firm to draw up a clear data security and governance document between the Electronic Settlement Limited and all its Information Technology services vendors, identifying roles, responsibilities and processes involved in securing and protecting personal data.
The firm was also directed to conduct regular NDPR training for all staff, publish and implement appropriate policies as required by the NDPR.
Electronic Settlement Limited was also asked to submit 2020/2021 regulatory audit as required by Article 4.1.6 of the NDPR, conducted by a Data Protection Compliance Organization (DPCO) as licensed by NITDA.
It was also asked to Conduct Data Protection Assessment on some data intensive applications and products.
NITDA also used the opportunity to encourage every data controller and processor to embark on necessary measures to protect personal data.
The Agency further approved the extension of time to file the annual audit report to 30th June, 2021a, while also reaffirming itd continued commitment to implementing the NDPR vigorously and providing periodic updates to the public with regards to our activities and investigations in discharge of our mandate.
