In December 2019, the personal data of numerous taxpayers in Lagos State was leaked on the payment portal of the Lagos Internal Revenue Service (LIRS), violating not only their right to privacy under the Constitution but also the provisions of the Nigeria Data Protection Regulation (NDPR) 2019 issued by National Information Technology Development Agency (NITDA) – the regulator.
The Director General of NITDA, Kashifu Inuwa, made this known on Friday in a statement he signed and issued in Abuja. Mr Inuwa said LIRS published a web portal with an address where personal information of taxpayers in the state was exposed to the public.The director said though the state government had taken steps to mitigate the glitch, it was still against the Nigeria Data Protection Regulation (NDPR) and NITDA Act of 2007.
It should be noted that concerns were expressed over the ability and suitability of NITDA to play the role of a data protection agency in Nigeria. One would have thought the agency would work to prove doubters wrong by ensuring that violations against its regulations are duly punished.
It is known that the Digital Rights Lawyers Initiative (DRLI) has filed suit No. FHC/L/CS/56/2020 against both LIRS and NITDA on the data breach seeking orders mandating NITDA to fine LIRS as provided under the NDPR to the tune of 2% of their annual gross revenue.
In addition to the specified fine, the NDPR provides for compensation for victims of a data breach, but the Lagos State government has said nothing about this, in spite of their admission of guilt.
Concerned thoughts revolve around NITDA to stop paying lip service to data protection In Nigeria and to fulfill its role as a regulator on one hand and Lagos State government to compensate victims of the data breach as admitted. NITDA is urged by the concerned publics to give an update on all data breaches reported to it since the inception of the NDPR.
Write to us firstname.lastname@example.org