With the fast digital transformation of higher education institutions and the use of online learning platforms, University ICT centres have to deal with a significant amount of sensitive data, raising significant privacy and cybersecurity issues. This paper discusses the design, deployment and evaluation of a Data Protection Framework (DPF) for the ICT Centre of Lagos State University of Science and Technology (LASUSTECH). A vulnerability assessment was carried out using a design science research approach to identify the major security risks, such as weak access controls, unencrypted devices, cloud storage vulnerabilities, threats from removable media, and password-based attacks. The proposed framework integrates four key components: access control, data encryption and backup, auditing and compliance, and incident response and training. Security mechanisms include Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), Biometric Access Control, AES-256 encryption, secured backup and recovery procedures in line with Nigeria Data Protection Act (2023), NDPR and ISO/IEC 27001 standards. The evaluation results indicated 75% reduction in unauthorized access attempts, 91% of staff adopting MFA, incident response time from 24 hours to less than 6 hours and an increase in cybersecurity awareness participation from 42% to 86%. This framework improves data protection, compliance, institutional resilience, and stakeholder confidence and provides a scalable model for higher education institutions.

Keywords: Data Privacy, Data Security Framework, Higher Education Institutions, Role-Based Access Control, Multi-Factor Authentication.