The National Information Technology Development Agency has fined Electronic Settlement Limited the sum of N5m for personal data breach.
This was contained in a statement on Monday titled ‘NITDA sanctions Electronic Settlement Limited for data protection breach…. imposes N5m fine’ and signed by the NITDA Head of Corporate Affairs and External Relations, Hadiza Umar.
She commended the company for actions taken to mitigate the breach and cooperating with NITDA investigation team, adding that it demonstrated its sense of responsibility and duty to protect the data of Nigerians.
According to her, the firm took full responsibility for the breach, updated identified security issues, recruited a data protection compliance organisation, submitted its annual Nigeria Data Protection Regulations audit report and generally improved its compliance with the NDPR.
She however noted that in compliance with the NDPR and to prevent a repeat of such breach, the company would pay as N5m fine and would be under a six-month information technology oversight by NITDA.
“The oversight shall involve oversight of implementation of prescribed security controls and processes,” Umar said.
NITDA also requested for a clear data security and governance document drawn up between the company and all its IT services vendors, identifying roles, responsibilities and processes involved in securing and protecting personal data.
The agency directed the firm to conduct regular NDPR training for all staff, publish and implement appropriate policies as required by the NDPR.
It told the company to ‘submit 2020/2021 regulatory audit as required by Article 4.1.6 of the NDPR, conducted by a Data Protection Compliance Organisation as licensed by NITDA and conduct Data Protection Impact Assessment on some data intensive applications and products.”
NITDA encouraged data controllers and processors to embark on necessary measures to protect personal data, adding that the agency had approved the extension of time to file the annual audit report to 30th June, 2021.