The National Information Technology Development Agency (NITDA) has placed a N5 million (Five Million Naira) fine on Electronic Settlement Limited over breach of personal data.
NITDA said that it discovered the data breach after analysing the company’s applications and websites; visiting the company’s office in Lagos, reviewing its technical documents and interrogating its officials.
In a statement by the head, Corporate Affairs and External Relations at NITDA, Mrs Hadiza Umar, the agency commended Electronic Settlement Limited for the actions taken to mitigate the breach.
According to the agency, the firm has taken full responsibility for the breach, updated identified security issues, cooperated with NITDA investigation team, recruited a data protection compliance organization, submitted its annual NDPR audit report and generally improving its compliance with the NDPR.
“The company’s actions demonstrate its sense of responsibility and duty to protect the data of Nigerians and customers in general,” NITDA said.
It added, “The objective of our investigation was to assess the risk resulting from the breach, with a view to identifying the causes, remedial actions taken and other necessary issues to avoid recurrence.
“The company has been well briefed on our prescriptions for better information security and protection of personal data.
Umar said that in compliance with the NDPR and the need to prevent a repeat of this unfortunate breach, NITDA has directed the following:
“Electronic Settlement Limited shall be under a six-month information technology oversight by NITDA. The oversight shall involve oversight of implementation of prescribed security controls and processes.
“That a clear data security and governance document is drawn up between the Electronic Settlement Limited and all its Information Technology services vendors identifying roles, responsibilities and processes involved in securing and protecting personal data.
“That the company conduct regular NDPR training for all staff, publish and implement appropriate policies as required by the NDPR.
“Submit 2020/2021 regulatory audit as required by Article 4.1.6 of the NDPR, conducted by a Data Protection Compliance Organization (DPCO) as licensed by NITDA.
“Conduct Data Protection Impact Assessment on some data intensive applications and products.
“Payment of the sum of Five million Naira only (5, 000, 000. 00) as fine in line with the requirements of the NDPR,”
She expressed NITDA’s appreciation to the general public for their continued interest in ensuring the full implementation of the NDPR to safeguard personal data of citizen.
“NITDA is therefore using this opportunity to encourage every data controller and processor to embark on necessary measures to protect personal data. The Agency has graciously approved the extension of time to file the annual audit report to 30th June, 2021.
THE NEWS1 day ago
BREAKING: Veteran Nollywood actress, Rachael Oniga, is dead
THE NEWS2 days ago
Murdered Super TV boss, Usifo Ataga, laid to rest in Lagos amid tears
THE NEWS2 days ago
Kaduna files fresh charges against El-Zakzaky, wife
THE NEWS3 days ago
BREAKING: IGP orders ‘internal review’ of allegations against Abba Kyari
THE NATION8 hours ago
DCP Abba Kyari’s younger brother deletes pix of luxury cars on Instagram
THE NEWS18 hours ago
JUST IN: EFCC arrests, grills Saraki over fresh allegations of corruption
THE NEWS2 hours ago
Hushpuppi: IGP suspends DCP Abba Kyari
THE NEWS8 hours ago
EFCC releases Saraki from custody after grilling him over ‘money laundering’