NDPC asks INEC for clarification on alleged data breach

In Abuja, the Nigeria Data Protection Commission (NDPC) announced that it has issued two formal requests for the Records of Processing Activities (ROPA) from the Independent National Electoral Commission (INEC) amid concerns over a potential data breach.

National Commissioner Dr. Vincent Olatunji made the statement during a media briefing marking the commission’s third anniversary. He explained that the requests were prompted by the signing of the Nigeria Data Protection Act by President Bola Tinubu on 12 June 2023, and that they are part of a broader effort to protect the integrity of Nigeria’s electoral database.

“We treat every reported breach with diligence and act on all cases that come to us, regardless of the institution involved,” Olatunji said. “No breach has gone unaddressed, whether in the public or private sector.” He added that the matter is particularly sensitive as the country approaches another election, and that the NDPC is acting urgently.

The commissioner highlighted that the NDPC has investigated a range of organisations, including Meta, TikTok, Temu, Remita, and Sterling Bank, and that no entity is exempt from scrutiny. He noted that all invited organisations have complied with investigations, saying, “I cannot remember any organisation that was invited and did not show up. All of them have appeared and engaged with us.”

Olatunji described the commission’s regulatory approach as developmental and compliance‑driven rather than punitive. After investigating a breach, the NDPC conducts a comprehensive assessment of an organisation’s data protection practices, covering registration status, audit filings, appointment of data protection officers, privacy policies, and technical safeguards. Organisations with strong compliance records are typically directed to remedy identified gaps within a set timeframe and may be required to pay remediation fees instead of fines.

“The objective is compliance, not punishment. We do not want to stifle innovation or drive away investors,” he said. “Our law is a developmental law designed to stimulate sustainable growth.”

The NDPC’s dispute with Meta, which led to a court case after the company challenged a $32 million penalty, was later settled out of court. Olatunji said the settlement included measures to ensure compliance and support data protection initiatives in Nigeria. He added that the commission could have imposed a higher sanction but chose a settlement to protect the economy and the millions of Nigerians who rely on Meta platforms for their livelihoods.

“What we desire is compliance, not embarrassment or driving companies or investors away from Nigeria,” Olatunji said. “The agreement reached is a win‑win situation that protects Nigerians and ensures responsible handling of personal data.”

He reaffirmed the NDPC’s commitment to high ethical standards, stating that integrity and credibility remain central to its operations. The commissioner also pledged that the commission would continue to collaborate with stakeholders across the public and private sectors to deepen data protection and privacy awareness in the country. (NAN)

The post NDPC seeks clarification from INEC over alleged data breach appeared first on Vanguard News.