How to avoid a data privacy breach is what many would really like to know.
Meanwhile, does your work or business use emails, phone calls, text messages, cameras, or even programming that collect data?
Also, do you or your company collect data like names, addresses, emails, credit cards, contacts, gender, etc.?
Are the data from customers, students, clients, partners or anybody at all in Nigeria?
Well, if you or your company do, then you must learn how to avoid fines by NITDA over data breaches.
This is because you or your company can knowingly or unknowingly breach the data privacy rights of people and attract penalties.
So, to avoid the kind of fine that NITDA slammed on the lending platform Soko Loan, don’t stop reading this.
What You need to know about NITDA’s fine against Soko Loan:
The National Information Technology Development Agency (NITDA) fined online lending platform Soko Loan N10 million for a data privacy breach.
The agency fined Soko Lending Company Ltd. for unauthorised disclosures and failure to protect customers’ personal data.
Head, Corporate Affairs and External Relations, Mrs Hadiza Umar, said NITDA fined Soko Loan for defamation of character.
The agency also fined the lending platform for violating the provisions of the Nigeria Data Protection Regulation (NDPR).
However, this article will tell you how not to breach data privacy so that you can avoid fines from NITDA.
But before that, let’s get the full details about why NITDA fined Soko Loan.
A look at Soko Loan operation and Complaints from customers:
First, Soko Loan allows its customers to take loans without collateral.
Then, the customer or loanee must download its mobile application on their phones.
Also, the loanees or customers then activate a direct debit in the company’s favour.
But, unknowingly, the application gains access to the loanee’s phone contacts.
However, many customers of the lending platform complained that Soko Loan invaded their data privacy.
They also noted that the platform defamed their character by disclosing their personal and private data to third parties.
Also, Soko Loan gained unauthorized access to its customers’ list of phone contacts without their knowledge.
Additionally, the lending platform was unwilling to cooperate with the Data Protection Authority.
Specifically, one of Soko Loan’s customers had failed to meet up with his repayment obligations.
He could not meet up due to insufficient credit in his account on the date the direct debit was to take effect.
Consequently, the company unilaterally sent privacy-invading messages to the complainant’s contacts.
NITDA investigates, fines Soko Loan:
The agency investigated the lending platform over the complaints and fined the platform.
“The agency’s investigation further revealed that the company embeds trackers that share data with third parties inside its mobile application without providing users information about it or using the appropriate lawful basis.
“NITDA has, therefore, found Soko Loan and its entities in violation of use of non-conforming privacy notice, contrary to the content of the NDPR, insufficient lawful basis for processing personal data, contrary to Articles 2.2 and 2.3 of the NDPR.”
NITDA also said Soko Loan operated “illegal data sharing without appropriate lawful basis, contrary to Article 2.2 of the NDPR, unwillingness to cooperate with the Data Protection Authority, contrary to Article 3.1 (1) of Data Protection Implementation Framework and non-filing of NDPR audit reports through a licensed Data Protection Compliance Organisation (DPCO).”
“In view of the foregoing and in consideration of its implication on the privacy of Nigerians and erosion of trust in the digital economy, NITDA hereby imposes a monetary sanction of N10 million on Soko Lending Company Ltd.
“NITDA also directs that no further privacy-invading messages be sent to any Nigerian until the company and its entities show full compliance with the NDPR.”
Data Rights And Regulation You Must Know To Avoid Data Breaches:
To avoid fines and breaching people’s data privacy, you must adhere to the provisions of the Nigeria Data Protection Regulation.
The Nigeria Data Protection Regulation of 2019 protects the data privacy rights of people and stipulates penalties for breaching such rights.
This regulation is binding on every Nigerian citizen, including those residing outside the country.
It is also binding on anybody or entity dealing with data collection, processing, storage and usage with computers in Nigeria.
The governing principles of the regulation hold that you can collect and process a person’s personal data if they consent to it.
It also maintains that you must care for any personal data you collect from people and prevent the data from damage.
The regulation states that you must protect the data from viruses or cyberattacks, fire, manipulation or damage from rain.
However, you may be asking what then is data?
Data include characters, symbols and binary on which operations are performed by a computer.
It can be about a person’s gender, genetic, physical, physiological, mental, economic, cultural or social identity.
Data includes a person’s name, an identification number, location data or an online identifier.
It can also be about a person’s address, a photo, an email address, bank details or posts on social networking websites.
Others are medical information, IP address, IMEI number, IMSI number, SIM, BVN or Personal Identifiable Information (PII).
Personal Data Breach:
Meanwhile, “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction of personal data.
It could also be accidental or unlawful loss, alteration, access or disclosure of personal data without authorization.
It also includes unauthorized transmission of a person’s Personal Data, processing or storing without their consent.
The fines for breaching this right include N2 million or 1% of Annual Gross Revenue for individuals handling data of below 10,000 people.
Also, for those handling data of over 10,000 people, breaching the regulation attracts a N10 million fine or 2% of Annual Gross Revenue.
Section 2 (10) of the NDPR provides the penalties for breaching data privacy rights.
So, if you are a PoS vendor using credit cards or school’s departments administrator registering students, you should know this.