Benjamin Babine, Abuja
The National Information Technology Development Agency (NITDA) has fined Electronic Settlement Limited the sum of N5m for personal data breach.
In a statement on Monday, signed by its Head, Corporate Affairs and External Relations, Mrs Hadiza Umar, the agency said the company would pay the sum as fine and would also be under a six-month information technology oversight.
NITDA went on to say the company has taken full responsibility for the breach, updated identified security issues, recruited a data protection compliance organisation, submitted its annual Nigeria Data Protection Regulations (NDPR) audit report and generally improved its compliance with the NDPR.
It commended the company for actions taken to mitigate the breach and cooperating with NITDA investigation team, adding that it demonstrated its sense of responsibility and duty to protect the data of Nigerians.
The agency also explained that to prevent a repeat of such breach, it will oversee a six month information monitoring on the firm, in compliance with the NDPR.
“The oversight shall involve oversight of implementation of prescribed security controls and processes,” Umar said.
NITDA also requested for a clear data security and governance document drawn up between the company and all its IT services vendors, identifying roles, responsibilities and processes involved in securing and protecting personal data.
The agency directed the firm to conduct regular NDPR training for all staff, publish and implement appropriate policies as required by the NDPR.
It told the company to ‘submit 2020/2021 regulatory audit as required by Article 4.1.6 of the NDPR, conducted by a Data Protection Compliance Organisation as licensed by NITDA and conduct Data Protection Impact Assessment on some data intensive applications and products.”