Investigation Launched into Alleged Privacy Breach in NIN Database by NDPC.
The Nigeria Data Protection Commission (NDPC) has initiated a probe into potential privacy breaches within the National Identification Number (NIN) database, overseen by the National Identity Management Commission (NIMC).
In response to growing public concerns regarding reports of unauthorized access to personal data stored in the NIN database, NDPC’s Head of Legal, Enforcement, and Regulations, Babatunde Bamigboye, announced that the National Commissioner, Dr. Vincent Olatunji, has authorized a comprehensive investigation.
Internal Inquiries Acknowledging that NIMC has also initiated an internal investigation to address these allegations, NDPC has pledged to collaborate closely with NIMC to identify and hold accountable any individuals responsible for the breach.
Bamigboye stated, “We are aware of NIMC’s internal investigation and appreciate their commitment to cooperating with NDPC. We will leave no stone unturned in investigating any unauthorized access and subsequent misuse of personal data. Those found in violation of the Nigeria Data Protection Act, 2023 will face legal consequences.”
NDPC’s Response and Accountability The NDPC further stated its intention to work alongside relevant agencies to audit the alleged unauthorized data access and its potential monetization. Any individuals found to have violated data protection laws will be prosecuted accordingly.
To ensure transparency, the National Commissioner has instructed that preliminary findings of the investigation be disclosed to the public within seven days.
ALSO READ: Top 10 Influential Female Venture Capital Executives Boosting Nigeria’s Thriving Startup Ecosystem
Recent Allegations Recent reports, including one by the Foundation for Investigative Journalism (FIJ), have brought to light the operations of a website called XpressVerify.com, which allegedly has unfettered access to the NINs and personal information of Nigerian citizens.
According to the FIJ report, XpressVerify.com has been accused of monetizing the retrieval of NINs and associated personal data from the National Identity Database. The website purportedly allows access to sensitive details such as phone numbers, full names, addresses, and photographs for a fee as low as N200.
Moreover, the report suggests that there are no restrictions on the types of information that can be accessed or the number of queries that can be made, raising serious concerns about data security and privacy.
Legal Mandate Section 14 of the NIMC Act 2007 explicitly mandates NIMC as the sole entity responsible for the creation, management, maintenance, and operation of the National Identity Database. Any breach of this mandate is subject to legal scrutiny.
In conclusion, the NDPC’s investigation aims to address the alleged privacy breach and safeguard the personal data of Nigerian citizens as mandated by law.
