By Chinenye Anuforo and Adanna Nnamani (Abuja)
The National Commissioner, Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, has ordered a full-scale investigation into the allegations of unauthorised access to the personal data of enrollees in the database of National Identity Management Commission (NIMC).
This investigation is a further regulatory measure to be taken by NDPC in the wake of public concerns over reports of illegal access to personal data of enrollees by a shadowy entity called XpressVerify.com.
NDPC has been engaging with NIMC on fostering adequate data protection. To this end, NDPC held a training with relevant officers of NIMC early February, 2024.
In a statement, , Olatunji said, “We note that NIMC has initiated internal investigation and it has immediately given full assurances of cooperation with NDPC to get to the root of the allegation and to review existing mediums through which any entity may lawfully verify the identity of enrollees on its platform.
“Furthermore, NDPC will work with relevant agencies to audit the trails of the alleged unauthorised data processing and monetisation of same and those who are found culpable for violating the Nigeria Data Protection Act, 2023 will be brought to justice.”
The national commissioner further directed that preliminary findings of the investigation should be made public within seven days.
Meanwhile, the National Identity Management Commission (NIMC) has reiterated that it offers NIN verification and other services through licensed partners.
However, XpressVerify is not one of the Commission’s licensed partners, it added.
It said, “We express our gratitude to our media partners and the whistleblowers for bringing this to our attention and wish to assure Nigerians and legal residents that there is no data breach of any sort and the Citizens’ data is safe and secure in the Nigeria’s National identity database.”
The director general and chief executive officer of NIMC, Engr. Abisoye Coker-Odusote had promptly ordered a comprehensive investigation into the matter to find out if any of the Commission’s Tokenisation verification agents has in any way breach the licensing agreement either directly or through any of their sub-licensees.
Coker-Odusote affirmed the commitment of NIMC to data protection and privacy, and assured that no stone will be left unturned in ensuring the safety and security of the data of all enrollees. “Top-level security is in place to protect the NIN and other personal data of every citizen and legal resident.
“NIMC reaffirms its unwavering dedication to safeguarding, securing, and responsibly managing the data entrusted to us. The Commission understands the critical importance of maintaining public trust and confidence in our operations, and we will continue to uphold the highest standards of integrity and accountability,” she stated.