Bankers Demand Stringent Rules On Data Protection
To ensure data protection of customers in the banking sector, the operators have said they must be more stringent in scrutinising third party engagements.
This was contained in the communiqué issued at the end of the breakfast session on ‘Managing the new oil – Data protection and management strategies for the Nigerian banking sector’ which was organised by the Chartered Institute of Bankers of Nigeria Centre for Financial Studies inLagos.
Part of the communiqué read, “Banks must be more stringent when considering third party engagements. Such engagements must be scrutinised more thoroughly in order to reduce the likelihood of data breaches.”
The CIBNCFS also recommended that behavioural characteristics of those handling sensitive data should be scrutinised, data champions and stewards who would monitor data use from one process (collection, transfer, usage), to the other should be employed, and there should be adequate training and retraining for these agents as well as data controllers handling sensitive data.
The bankers said the IT, compliance and legal departments should work together to determine how to manage data in every organisations.
It stated that it was important for individuals and organisations to gain a better understanding of processes in which data breaches could occur, such as in data collection, transfer or usage.
The bankers said businesses should consider employment of the Data Governance Maturity model.
They also resolved that the National Data Protection Regulation should be further developed for robustness.
However, they added that regulators must ensure that businesses were not stifled in the process.
It stated, “National Information Technology Development Agency should learn from the Central Bank of Nigeria in introducing regulations. The typical process for CBN in introducing regulations involves stakeholder engagements across industries concerned, public and private sector engagementsas well as the development and final adoption of exposure drafts.
“A dispute resolution team should be developed to settle casesof data breaches across various industries. Organise several more fora in thepilot phase of the dispute resolution.
“A more robust response to data breaches should be developed inthe NDPR guidelines. That is, a strong deterrent to breaches in data privacyshould be developed so as to ensure that data breaches are not easy toaccomplish.”
It added that NITDA should ensure that regulation could shieldagainst possible dangers of emerging opportunities such as open banking.