HOPE MOSES-ASHIKE
The National Information Technology Development Agency (NITDA), the Federal Ministry of Communications has said a currently retained financial auditor cannot perform data auditing service to the same entity.
Adejube Olayinka, director, standard guidelines and framework, NITDA, Federal Ministry of Communications disclosed this at a breakfast session on ‘Managing The New Oil- Data Protection And Management Strategies For The Nigerian Banking Industry’, organised by the Chartered Institute of Bankers of Nigeria (CIBN) Thursday in Lagos.
This move is to enable a smooth implementation of the Nigeria Data Protection Regulation (NDPR). NITDA issued the NDPR on 25th January, 2019 with the aim of stemming the tide of wanton abuse of data privacy, improving the global image of the Nigerian business environment and to stimulate a data economy which would lead to the creation of 300,000 jobs by 2022.
NITDA has selected some auditors and will publish the list in the week beginning from Monday, July 22, 2019, to enable banks to make their right choice of auditors for their data audit processes.
“So these data auditors will ensure they put in place everything they will need to ensure that they are complying,” Olayinka said. He advised the banks to study the regulation properly and develop strategies to comply with it.
In his welcome address, Uche Olowu, president and chairman of the council, CIBN, said Data management and protection issues should be of great concern to all the bankers.
Breaches in data protection guidelines and laws have resulted in reputational damage and a higher risk of illicit activities such as money laundering and identity fraud. Additionally, McAfee, a global computer security software company, reports that 40% of people worldwide feel they lack control over their personal data – and rightly so. Major companies such as Facebook have doused the fire of data breach scandals which put millions of personal records in the hands of criminals.
“The banking and finance sector is not immune to these threats, particularly given the sensitivity of data this industry warehouses”, Olowu said.
Another issue of concern he said is that of consumer consent or rather “Consent Fatigue” where organizations seeking legitimate use of data serve customers with several consent notifications or forms. Customers, without taking the time to fully understand these forms or notifications indicate agreement.
“It is my personal belief that we – the banking community – must display exemplary ethical conduct in the management of personal information and act as shining beacons to other industries”, Olowu added.
NITDA had set the timeline for the implementation of data audit to be July 25, 2019 but banks are saying that the timing is too short.
Olalekan Asikhia, director, CIBN centre for financial studies, said before the implementation there should be a pilot project and that is why the bankers are complaining.
“The law in itself is sufficient enough but there must be a pilot, there must be stakeholders involvement for implementation to be easy and for the whole system to be improved upon”, Asikhia said.
