Worried by the alleged privacy breach of citizen’s data at National Identity Management Commission (NIMC), the Nigeria Data Protection Commission, NDPC, called for a full-scale investigation into the alleged unauthorized access to the personal data of enrollees in the database of the commission.
Vincent Olatunji,the National Commissioner,NDPC, in a statement signed by Babatunde Bamigboye, the Head of Legal, Enforcement and Regulations, and issued on Sunday, noted that this investigation is a further regulatory measure to be taken by NDPC in the wake of public concerns over reports of illegal access to personal data of enrollees by a shadowy entity called XpressVerify.com.
Read also: NIMC DG urges registration agents to comply with data law
The statement read in parts, “It will be recalled that prior to now, NDPC has been engaging with NIMC on fostering adequacy of data protection. To this end, NDPC held a training with relevant officers of NIMC early February, 2024. This is one in a continuum of measures being put in place by the Federal Government to ensure data privacy and protection.
“We note that NIMC has initiated internal investigation and it has immediately given full assurances of cooperation with NDPC to get to the root of the allegation and to review existing mediums through which any entity may lawfully verify the identity of enrollees on its platform. Furthermore, NDPC will work with relevant agencies to audit the trails of the alleged unauthorized data processing and monetization of same, and those who are found culpable for violating the Nigeria Data Protection Act, 2023 will be brought to justice.
“The National Commissioner further directed that preliminary findings of the investigation should be made public within seven days”, the statement reads.
Meanwhile,the National Identity Management Commission, (NIMC) has assured Nigerians of their Data security amid speculation of data breach.
A statement signed by Kayode Adegoke, the Head of Corporate Communications, and issued to journalist on Sunday assured the public that there have been no such breaches or inche.
NIMC stressed that its NIN verification and other services portal are intact and save.
The Commission dismissed claim of citizens’ data breach by a private organization, XpressVerify.
Accordingly he said, the Director General and Chief Executive Officer of NIMC, Abisoye Coker-Odusote had ordered investigation into the alleged data breach claim.
“The Commission wishes to state that it offers NIN verification and other services through licensed partners. However, XpressVerify is not one of the Commission’s licensed partners.
“We express our gratitude to our media partners and the whistleblowers for bringing this to our attention and wish to assure Nigerians and legal residents that there is no data breach of any sort and the Citizens’ data is safe and secure in the Nigeria’s National identity database.
Read also: NIMC, NCC partner to enhance seamless NIN-SIM linkage
“Abisoye Coker-Odusote,the Director General and Chief Executive Officer of NIMC, has promptly ordered a comprehensive investigation into the matter to find out if any of the Commission’s Tokenisation verification agents has in any way breach the licensing agreement either directly or through any of their sub-licensees.
“Coker-Odusote affirms the commitment of NIMC to data protection and privacy, and assures that no stone will be left unturned in ensuring the safety and security of the data of all enrollees. ‘Top-level security is in place to protect the NIN and other personal data of every citizen and legal resident, she said.
“NIMC reaffirms its unwavering dedication to safeguarding, securing, and responsibly managing the data entrusted to us. The Commission understands the critical importance of maintaining public trust and confidence in our operations, and we will continue to uphold the highest standards of integrity and accountability”, the statement reads.
