Professional Documents
Culture Documents
Enforcement of Data Protection Breach in Nigeria
Enforcement of Data Protection Breach in Nigeria
COMPILED BY:
Classwork
1. There seems to be conflict between the Federal High Court of Abuja decision
in DRLI v. Unity Bank (unreported Suit FHC/AB/C/85/2020) and Lagos
State High Court decision in Okafor v. Okafor (Unreported Suit
LD/12264/MFHR/21). Court in DRLI v. Unity Bank held that a data subject
cannot approach court for redress without first lodging complaints with DPA.
However, Lagos State High Court in Okafor v. Okafor held that data subject
can seek redress without making redress to the investigative power of the
DPA. The National Commissioner of the Nigeria Data Protection Commission
has invited you to address him on this, what will your advice be?
2. Bertha Medical Record (BMR) is an online application owned by Dr. Bertha
Okezie in partnership with her husband, Engr. Bryan Okezie. Their
application aims to profile the medical records of users and create an
interconnected medical system accessible to various medical establishments
for informed treatment decisions. BMR collects and updates users' medical
records based on prescriptions and hospital visits. Dr. Bertha Okezie has
consistently prioritized data security, employing reputed professionals to
safeguard records. Recently, they hired a cybersecurity expert, Mr. Omede,
who claimed Harvard training, though his credentials were not verified.
During trial and error, Mr. Omede mistakenly exposed users' medical records,
leading to data leakage, including information on high-profile individuals.
Aggrieved users have reported the breach to the Nigeria Data Protection
Commission (NDPC). Dr. Okezie asserts they were not complicit and always
adhered to best practices in data protection. They recommend holding Mr.
Omede liable. The NDPC seeks your advice on this matter. Kindly provide
well-grounded guidance on the appropriate course of action.
3. Does the provision of Section 52 appear like double jeopardy to you? Write a
short legal opinion.
4. Discuss the facts and decision of the Ecowas Court of Justice in
INCORPORATED TRUSTEES OF DIGITAL RIGHTS LAWYERS
INITIATIVE & ORS v. THE FEDRAL REPUBLIC OF NIGERIA
(2023) ECWA/CCJ/JUD/02/23
5. Ayoola Bank PLC is a commercial bank in Ghana and has been in operation
for the last 10 years, the bank is considering starting a branch in Nigeria. The
Board has director has sought your legal opinion on the customer data
protection policy in Nigeria. Kindly write them a letter from your chambers
explaining the liability of data controller in a situation of data breach. You are
advised to support your letter with statutory authorities.