MTN, Airtel, Glo others must now inform subscribers of data breach within 48 hrs

Nigerian Telecom operators have been directed to notify affected customers of any data breach within 48 hours (2 days) of detecting such unauthorised infringement. 

This information is contained in the revised Internet Code of Practice 2026 by the Nigerian Communications Commission (NCC), on February 13, 2026. The document seeks to define the rights and obligations of telecom operators in handing the rights of internet users to an open internet. 

In the move to protect customer information, Mobile Network Operators (MNOs) and Internet Service Providers (ISPs) are to take necessary measures to protect customers’ data from unauthorised use, disclosure, access or breach.

Telecom operators must now notify affected customers within 48 hours of detecting a compromise through text message, email or any other effective means. As contained in Chapter 3.4 of the regulation titled “Data Breach Notifications,”

The telecoms companies are also directed to notify the NCC of such a breach not later than 48 hours after determining such a breach.

“Where full details of the breach are not immediately available, the provider shall issue a preliminary notification within the same period and furnish a comprehensive update within Fourteen (14) days thereafter, or within such extended period as the Commission may approve,” part of the section reads.

The guidelines, according to NCC, are in tandem with the provisions contained in the Nigerian Data Protection Act 2023 and Part VI of Schedule 1 of the Consumer Code of Practice Regulations 2024. 

The regulation also joins other agencies’ policies, ensuring protection. Agencies such as the Nigeria Data Protection Commission (NDPC) and the Federal Competition and Consumer Protection Commission (FCCPC) protect consumers against misuse of personal data, identity theft, financial loss, and reputation damage.

Also Read: New NCC, CBN rule to suspend airtime and data purchase during network downtime.

Transactional data management by telecom operators 

The review comes at a time when privacy becomes core amid frequent breaches and illegal harvest of data such as biometric, national IDs, financial information, traffic and usage, and others. 

Regulations are necessary for the proper handling, consent, and regulatory compliance regarding sensitive data, ensuring it is only processed for legitimate purposes. 

Under Chapter 3.5, the Internet Code of Practice 2026 addressed the handling of harvesting of transactional data by notifying and getting approval from the NCC of any usage by a third party. It noted that the NCC approval will be defined by a review and assessment of such access and “its potential effects on national considerations, consumer information and personal data.”

A smiling elderly Nigerian woman using her phone…

For the over 240 licensed telecom operators in the industry, the regulation provides a ground to foster a safer, more transparent, and open internet environment. Also, it ensures they actively participate in content moderation, child protection, and privacy.

To monitor adherence, operators are expected to submit compliance reports twice a year to the NCC. Through the Commission’s Consumer Web Portal, the regulation also encouraged consumers to make complaints about non-compliance with the Code.

The post MTN, Airtel, Glo others must now inform subscribers of data breach within 48 hrs first appeared on Technext.