Nigeria is experiencing a significant rise in data privacy breaches despite increased regulatory oversight by the Nigeria Data Protection Commission (NDPC). The country has seen escalating incidents of unauthorized data access, identity theft, and non-compliant mobile app practices. These breaches persist even as data protection laws, particularly the Nigeria Data Protection Act of 2023, are being reinforced. The surge highlights the tension between businesses leveraging personal data for commercial benefits and the government’s efforts to ensure compliance with privacy regulations.
Nigeria ranks fourth among African countries for the most data breaches, with over 19 million breached accounts in 2024. The growing frequency of data breaches threatens both national security and financial stability, particularly in sectors like finance and e-commerce. These incidents expose Nigerians to risks such as identity theft and fraud. Data privacy concerns are compounded by unauthorized access to personal data and increasingly sophisticated identity theft schemes. The rise in breaches is also linked to the growing use of artificial intelligence in decision-making without proper oversight.
In response to rising data breaches, the NDPC has introduced stricter regulatory measures, including the General Application and Implementation Directive and mandatory registration for data controllers. The NDPC has also stepped up enforcement, investigating organizations that mishandle personal data. Despite these efforts, non-compliance remains widespread as many businesses exploit loopholes or fail to implement necessary security measures. The NDPC’s restorative justice approach encourages businesses to correct their data protection practices rather than face immediate penalties, but stricter sanctions may be needed as breaches continue to rise.
Data breaches carry significant financial and reputational risks for businesses, especially in sectors like finance. The Consumer Awareness and Financial Enlightenment Initiative warns of an expected $6 trillion loss by 2030 due to cybercrime, particularly identity theft and phishing. Beyond financial losses, these breaches undermine public trust and erode consumer confidence. As more Nigerians become aware of their data rights, businesses with poor data governance practices risk losing customers and investors. While penalties for non-compliance are expected to tighten, businesses must also prioritize strengthening data security frameworks.
Experts point to the lack of public awareness as a major factor contributing to the surge in data breaches. Many Nigerians remain uninformed about their data privacy rights, leaving them vulnerable to exploitation. Furthermore, businesses often fail to implement necessary data protection measures or appoint qualified data protection officers. Experts argue that public education is key to addressing these challenges. Calls for stronger collaboration between regulators, businesses, and the public highlight the need for proactive measures to improve data privacy awareness, both at the consumer and organizational levels.
Source: Punch