Lagos Internal Revenue Service Data Breach: NITDA must wield the big stick

Gris Global

Largest Internet Space for Collaborative Learning

Inside AfricaNews

Lagos Internal Revenue Service Data Breach: NITDA must wield the big stick

Data Breach by LIRS Why NITDA must wield the big stickAccording to Enough is Enough Nigeria (EiE) and Paradigm Initiative (PIN), last year December 2019, the personal data of numerous taxpayers in Lagos State was leaked on the payment portal of the Lagos Internal Revenue Service (LIRS).

This move does not only violate their right to privacy under the Nigerian Constitution but also the provisions of the Nigeria Data Protection Regulation (NDPR) 2019 issued by National Information Technology Development Agency (NITDA) – the regulator.

It should be noted that we [the Group] had expressed reservations over the ability and suitability of NITDA  to play the role of a data protection agency in Nigeria. One would have thought the agency would work to prove doubters wrong by ensuring that violations against its regulations are duly punished.

We are mindful that the Digital Rights Lawyers Initiative (DRLI) has filed suit No. FHC/L/CS/56/2020 against both LIRS and NITDA on the data breach seeking orders mandating NITDA to fine LIRS as provided under the NDPR to the tune of 2% of their annual gross revenue. We are monitoring this process and we will work with the litigant to ensure it is seen to a reasonable conclusion.

READ: Paradigm Initiative calls on Liberia authorities to respect Henry Pedro Costa’s rights

In addition to the specified fine, the NDPR provides for compensation for victims of a data breach, but the Lagos State government has said nothing about this,  in spite (or despite?) of their admission of guilt.

Enough is Enough Nigeria (EiE) and Paradigm Initiative (PIN) has called upon NITDA to stop paying lip service to data protection In Nigeria and to fulfill its role as a regulator on one hand and Lagos State government to compensate victims of the data breach as admitted. NITDA must give an update on all data breaches reported to it since the inception of the NDPR.

Finally, Nigeria should enact a data protection law duly passed by the National Assembly and signed by the president. The law should set up an independent Data Protection Authority with core mandate for data protection in Nigeria.

Comment here