The Nigeria Data Protection Commission (NDPC) has initiated an investigation into the reported data breach at the Corporate Affairs Commission (CAC) in pursuance of Section 46(3) of the Nigeria Data Protection Act, 2023 (NDP Act).
In a statement signed by Babatunde Bamigboye, Esq. Head, Legal, Enforcement & Regulations, NDPC, this investigation underscores the importance of fostering trust in Nigeria’s economic environment.
The Commission notes with concern that threat actors in the digital space have devised malicious methods of compromising the data security architecture of key databases. These involve large-scale data exfiltration and cross-platform compromise across interconnected systems.
Also read, NDPC Flags Rising Threats to Nigeria’s Data Infrastructure in Latest Security Advisory
As part of a continuum of regulatory support measures, the National Commissioner/CEO of the NDPC, Dr Vincent Olutunji, has directed the Commission’s technical team to immediately interface with relevant authorities and pivotal organisations, with a view to reinforcing existing guardrails for the processing of personal data.
The investigation of the instant case will, inter alia, cover the procedures and outcomes of Access Control Mechanisms, Data Privacy Impact Assessments, Vulnerability Assessment and Penetration Testing (VAPT), as well as due diligence on third-party data processors.
The NDPC assures members of the general public that frameworks for data protection, in terms of technology and other requisite resources in Nigeria, remain fundamentally strong. This is evident in the increasing rate of access to data-driven services.
The ongoing efforts of the NDPC are necessary regulatory actions geared towards sustaining public trust in these services and bolstering continuous investment in Nigeria’s digital economy.
Don’t miss important articles during the week. Subscribe to techbuild weekly digest for updates
