Latest Headlines
DATA FOR THE HIGHEST BIDDERS
The breach of the NIMC’s database is a serious crime. The outcome of the investigation must be made public
Following public anxiety after a private company was revealed to be selling the personal information of enrolees, the National Identity Management Commission (NIMC) ordered an investigation regarding allegations of unauthorised access to the commission’s database. A shadowy organisation that is not one of the commission’s licensed partners is being fingered, but there must be collaborators within. “NIMC reaffirms its unwavering dedication to safeguarding, securing, and responsibly managing the data entrusted to us,” the NIMC director general and chief executive officer, Abisoye Coker-Odusote said at the time. That nothing was done after that incident in March this year is now evident in another scandal that the commission has found difficult to wish away.
Last week, Paradigm Initiative, a digital company that works with young people across the continent, confirmed an online report that the National Identity Numbers (NINs), Bank Verification Numbers (BVNs), and other sensitive personal information of Nigerians were indeed available for sale online. “We were able to confirm that what they were selling is NIMC’s data and we have proof.
We got the NIN slip of the Minister of Communications, Innovation, and Digital Economy, Bosun Tijani”, said the executive director of the organisation, Gbenga Sesan, who reaffirmed that the data of Nigerians being sold online were sourced directly from government databases. “We got the NIN slip of the number one data regulator in Nigeria, Vincent Olatunji. We bought them for N100 each to demonstrate that this is not a joke.”
We consider this to be an abuse of personal data, a breach of privacy, and a betrayal of trust. More disturbing is that data breaches are becoming rampant as a growing number of private companies use the personal information of Nigerians for marketing or other reasons unrelated to those for which it
was originally obtained. Although the federal government has promised the usual ‘investigation’, Nigerians do not believe that perpetrators would be apprehended or brought to justice despite the fear of possible misuse of these personal details by unscrupulous persons.
Indeed, the fear is that this sensitive information could fall into the hands of criminals and fraudsters, including ‘Yahoo boys’ who are notorious for committing all
manner of crimes, like identity theft and bank frauds. Such personal information details in their hands will be boon to their criminal businesses. In recognition of this offence, the United Nations, in a resolution adopted by the General Assembly on 18 December 2013, titled ‘The right to privacy in the digital age’, called on member States to institute laws to put an end to illegal data collection and abuse of individual privacy. According to the UN, unlawful or arbitrary collection (and misuse) of personal data are highly intrusive acts that violate the rights to privacy and freedom of expression and may contradict the tenets of a democratic society. It therefore calls on all countries to respect and protect the right to privacy, including in the context of digital communication; take measures to put an end to violations of those rights and create the conditions to prevent such violations. Such recommended measures include ensuring that relevant national legislation complies with their obligations under international human rights law and enacting appropriate legislation regarding the surveillance of communications, their interception and the collection of personal data.
From the CBN to the Federal Road Safety Corps to the Nigeria Immigration Service (NIS) and others, Nigerians are daily subjected to a multiplicity of data collection. In the last few months, all the telecoms’ networks in the country have also directed their clients to link up their Subscribers Identification Module (SIM) with NIN which have also been largely complied with. Earlier this year, the Nigeria Data Protection Bureau (NDPB) announced that it was investigating two frontline banks in connection with alleged “unlawful disclosure of banking records to a third party, unlawful access, and processing of personal data.” At about the same period, the Bureau said it was investigating 110 companies for what it called “data breach”, stating that these firms included online lending companies, banks, telecom companies, and gaming companies. We do not know what has happened to that investigation. Violating the Nigeria Data Protection Act is a serious national security breach that should be taken seriously. Anybody found culpable in the latest scandal should be brought to justice.