NIMC’s licensees undergo more scrutiny for alleged data breach

Licensees of National Identity Management Commission (NIMC) have been directed to provide verification services in line with Nigeria Data Protection Commission (NDPC) move to scrutinize their operations.

 

According to The Nation, NDPC’s decision is to forestall any form of data breach from third party agents unaware of the provisions of Nigeria Data Protection Act 2023 and NIMC Privacy policy regarding citizens data.

 

It was also learnt that NIMC and NDPC has expressed concerns over the incident of unauthorised National Identity Numbers (NIN) verification by expressverify and has now launched investigations to unravel the truth.

 

It is speculated that a third-party who, among others, was originally authorised to provide verification services to citizens and genuine businesses might have allowed the website to use its NIN verification credentials to conduct verification.

 

Head of Legal Enforcement and Regulations of the NDPC,  Barrister Babatunde Bamigboye said in a statement;

 

“The circumstances surrounding this permission is still under investigation.

“To remedy this incident, National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database. Though necessary, barring all forms of access affected all genuine and crucial verification requests.

“After a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.

“Ongoing investigation – by relevant agencies – seeks to establish the medium through which expressverify obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws. ”

ALSO READ  Alliance Hospital CEO, Christopher Otabor, others to face organ harvesting charges in court

 

Bamigboye also said series of intensive trainings will be conducted in order to ensure that personnel and licensees are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy and other relevant regulatory protocols.

 

He added;

 

“While existing technical and organizational measures are being strengthened to ensure the protection of this data, it is important for citizens to ensure that they are not left unidentified in various frameworks for development. It is equally important to be vigilant when sharing personal information on various online platforms.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here