In a troubling development, Nigeria is struggling with a sharp rise in data privacy breaches, even as the government intensifies efforts to enforce stricter data protection laws. The Nigeria Data Protection Commission (NDPC) has reported a significant increase in investigations into unauthorised data access, identity theft, and other privacy violations. Despite the introduction of the Nigeria Data Protection Act in 2023 and reinforced regulatory oversight, the surge in breaches underscores the challenges of protecting personal information in an increasingly digitised economy.
The 2024 NDPC Annual Report reveals a worrying trend, with investigations into data privacy violations jumping to 213 cases, up from 177 in 2023 and 117 in 2022. This escalation highlights the evolving nature of cyber threats and the reluctance of some organisations to comply with data protection measures in the country. As the country strives to balance economic growth with technological innovation, the rise in breaches poses significant risks to individuals, businesses, and national security.
Unauthorised access and identity theft dominate systems breaches.
Unauthorised access to personal information remains among the most prevalent issues in the nation’s data privacy system. Many organisations fail to implement robust security protocols, leaving sensitive information vulnerable to malicious scammers. The ease with which unauthorised personnel or cybercriminals can access personal information raises serious concerns about the effectiveness of existing safeguards. Identity theft has also become increasingly sophisticated, with cybercriminals using stolen information to defraud individuals and financial institutions. The NDPC report highlights cases where victims faced severe financial and legal consequences due to the misuse of their personal details.
Additionally, behavioural profiling, particularly in the digital advertising sector, has drawn regulatory scrutiny. Companies often track user activities without explicit consent, further eroding trust in digital platforms. In response to the surge, the NDPC has introduced several measures to strengthen data protection. One of the key initiatives is the General Application and Implementation Directive, which provides a comprehensive framework covering 42 areas of data protection, including audit filing requirements and compliance principles. The Commission has also made registration mandatory for Data Controllers and Processors of Major Importance, with over 36,052 organisations already complying.
Regulatory efforts face challenges amid rising breaches.
Despite these efforts, enforcement remains a significant challenge. Many organisations exploit legal loopholes or neglect data protection requirements due to insufficient awareness or resources. The NDPC has adopted a restorative justice approach, encouraging businesses to implement corrective measures rather than imposing immediate penalties. However, with breaches becoming more frequent, there is growing pressure on the Commission to impose stricter sanctions on non-compliant entities. Another area of concern is the increasing volume of cross-border data transfers, where Nigerian citizens’ details are moved to foreign entities without adequate protection.
To address this, the NDPC has strengthened international collaborations by signing agreements with data protection authorities in Canada and the United Arab Emirates. These partnerships ensure citizens’ details are protected under global standards, even when processed outside the country. While these collaborations are a step in the right direction, gaps in enforcement and compliance persist. Many organisations fail to report breaches due to fears of reputational damage, making it difficult for regulators to track and address violations effectively. The slow adoption of international best practices further complicates the creation of a secure digital ecosystem.
Meanwhile, the financial implications of these breaches are staggering. Nigeria’s Consumer Awareness and Financial Enlightenment Initiative has projected a $6 trillion loss to cybercrime by 2030, with phishing and identity theft being the primary attack methods. Beyond financial losses, breaches erode public trust as consumers become increasingly cautious about sharing personal details with organisations that have poor information governance practices. As the country continues to expand its digital economy, it urgently needs to strengthen protection frameworks and enhance consumer education initiatives.