THE NIMC AND DATA PROTECTION
The data breach must be investigated and the culprit brought to justice
In the wake of public anxiety over the security of personal information of enrolees, the National Identity Management Commission (NIMC) last week ordered an investigation in respect of allegations of unauthorised access to the personal data of citizens in the commission’s database. “NIMC reaffirms its unwavering dedication to safeguarding, securing, and responsibly managing the data entrusted to us,” the NIMC director general and chief executive officer, Abisoye Coker-Odusote said. But only after a private company was revealed to be selling the personal data of Nigerians online.
We may need to remind the NIMC that every country is now mindful of how to protect information that could compromise the security of their citizens and when such is breached, they make efforts at damage limitation. That we don’t see such seriousness in our country is where the problem lies. In 2011, for instance, there was a publication on the internet of the names and personal details of some 60 agents of Nigeria’s State Security Service (SSS), including that of its then Director General, Ekpenyong Ita. The leaked details included mobile phone numbers, contacts, and bank account numbers. Nobody was held to account for that serious national security breach.
Perhaps of all the interests at stake in the governance of the digital world, the right to privacy is of utmost importance. Article 17 of the International Covenant on Civil and Political Rights declares that no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home, or correspondence. It is a fundamental right enjoyed by all members of the human community. Yet, according to reports, the National Identity Numbers (NINs) of more than 100 million Nigerians and other personal data may have fallen into wrong hands. A shadowy organisation, XpressVerify.com, which is not one of the commission’s licensed partners, is being fingered.
The anxiety is being heightened by fear of possible misuse of personal details of Nigerians by unauthorised persons. Indeed, the fear is that this sensitive information could fall into the hands of criminals and fraudsters, including ‘Yahoo boys,’ who are notorious for committing all manner of crimes, like identity theft and bank frauds. These are facilitated through the use of the internet. Such personal information details in their hands will be boon to their criminal businesses. Over the years, these fraudsters have wrecked many individuals and groups in society by taking advantage of the rise in online transactions, e-commerce, and the electronic messaging system to commit various crimes. The NIN is more like the DNA of an individual. There are no two persons with the same set of fingerprints, palm prints, or retina in the world.
In recognising its importance, the Central Bank of Nigeria (CBN) had in 2014 introduced the Bank Verification Number (BVN) policy to all commercial deposit banks across the country essentially to check identity theft in the banking system. The CBN has also mandated all bank customers to link their NINs and BVNs to their bank accounts and ordered some restriction on those who did not comply since March 4 this year. Besides, in the last few months all the telecoms’ networks have also directed all their clients to link up their Subscribers Identification Module (SIM) cards with their NINs. It is largely to aid national security. Many of the unregistered SIMs are reportedly among those being used for fraudulent activities, including kidnappings. What all these efforts at data gathering presupposes is that Nigerians can trust the agencies concerned with their personal details.
The NIMC scandal is a serious national security breach that should attract the attention of the presidency. There is need for a serious investigation to unravel what happened and who to hold accountable.
