Nigeria is grappling with a severe privacy crisis as multiple data breach incidents have exposed the personal information of millions of citizens. The latest discovery by Paradigm Initiative reveals a website, AnyVerify, selling sensitive data, including National Identity Numbers (NIN), Bank Verification Numbers (BVN), Driving Licenses, International Passports, Tax Identification Numbers (TIN), Permanent Voter’s Cards (PVC), and phone numbers, for a mere ₦100. This egregious breach follows a similar incident in March, where XpressVerify was found to be accessing and selling Nigerians’ personal data, including NIN and personal details, for just ₦200.
The Nigerian Data Protection Act 2023 and the Nigeria Data Protection Commission were established to regulate data protection, but the recurring incidents of data breaches and unauthorized sale of Personal Data highlight the need for stronger enforcement and penalties for non-compliance. Despite the 1999 Constitution recognizing privacy as a fundamental human right, the lack of effective implementation and enforcement puts citizens’ privacy, economic stability, personal safety, and financial Security at risk. The Act and Commission must be strengthened to ensure robust data protection, and those responsible for data breaches must face severe penalties to deter future violations.
Initiative serves government agencies pre-action notice.
Cybersecurity experts emphasize the importance of robust measures to prevent data exposure and sales, which have resulted in personal and financial losses for many Nigerians. “When these regulations are flouted, citizens’ privacy, economic stability, personal safety, and financial security are compromised,” said Adedeji Adedoyin, a cybersecurity expert. He reiterated that as more people depend on online services for their daily activities, they do it in trust that the managers behind these online services will do everything to protect their personal information from illegal exposure and personal risk. “But as we have seen over time,” he said, “enough is not done by these businesses and government agencies to put measures in place to prevent the exposure and sales of private data, which unfortunately has led to personal and financial losses.”
Paradigm Initiative, a social enterprise advocating for digital rights, has served a pre-action notice to relevant government agencies, including the National Identity Management Commission (NIMC), Nigeria Data Protection Commission (NDPC), Nigeria Immigration Service (NIS), Federal Inland Revenue Service (FIRS), Central Bank of Nigeria (CBN), Independent National Electoral Commission (INEC), Federal Road Safety Corps (FRSC), and the office of the Attorney General of the Federation (AGF), demanding action to address these breaches and protect citizens’ data. The frequency and severity of these data breaches shows the need for urgent action to strengthen data protection laws and enforcement in Nigeria.
Need for transparency in data management in Nigeria.
Citizens’ personal information is vulnerable, and the consequences of inaction could be devastating. The lack of effective data protection measures has far-reaching consequences, including identity theft, financial fraud, and surveillance. The privacy crisis in Nigeria demonstrates the need for a detailed approach to data protection, including robust regulations, enforcement, and public awareness. Also, the data breach incidents in Nigeria have raised concerns about the country’s ability to protect sensitive information. The sale of personal data by websites and private companies has exposed citizens to various risks, including stalking, harassment, and discrimination.
As well, the lack of effective data protection measures has also undermined trust in government agencies and private companies, which are responsible for managing sensitive information. In addition, the data breach incidents have highlighted the need for greater transparency and accountability in data management. Citizens have a right to know how their personal information is being used and shared, and they must be protected from unauthorized access and misuse. The government and private companies must prioritize data protection and ensure that robust measures are in place to prevent data breaches and protect citizens’ privacy.
Related Article: Alleged data breach of NIN sparks probe
Finally, the Nigerian government must take immediate action to address the privacy crisis in the country. This includes strengthening data protection laws and regulations, increasing public awareness about data protection, and ensuring that government agencies and private companies are held accountable for data breaches. The government must also establish a robust framework for data protection, including the establishment of a data protection authority, to ensure that citizens’ personal information is protected from unauthorized access and misuse.