NIMC Licensees Undergo More Scrutiny For Alleged Data Breach

Licensees of the National Identity Management Commission (NIMC) have been asked to provide verification services in accordance with the Nigeria Data Protection Commission’s (NDPC) efforts to scrutinise their activities.

According to The Nation, the NDPC’s decision is intended to prevent any sort of data breach by third-party agents who are uninformed of the terms of the Nigeria Data Protection Act 2023 and the NIMC Privacy Policy regarding citizens’ data.

It was also discovered that the NIMC and NDPC have voiced worry about the incidence of unauthorised National Identity Numbers (NIN) verification by express verify and have initiated investigations to uncover the truth.

It is claimed that a third party, among others, who was initially approved to provide verification services to individuals and legitimate enterprises, may have let the website to use its NIN verification credentials to conduct verification.

Read Also: NIDCOM, NIMC Plan Easy NIN Collection For Nigerians In Diaspora

Head of Legal Enforcement and Regulations of the NDPC, Barrister Babatunde Bamigboye said in a statement; “The circumstances surrounding this permission is still under investigation.

“To remedy this incident, the National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database. Though necessary, barring all forms of access affected all genuine and crucial verification requests.

“After a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.

“Ongoing investigation – by relevant agencies – seeks to establish the medium through which express verify obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.”

Bamigboye further stated that rigorous trainings will be performed to ensure that personnel and licensees are aware of the duty of care and the standard of care required by the Nigeria Data Protection Act, the NIMC’s Privacy Policy, and other relevant regulatory processes.

He added; “While existing technical and organizational measures are being strengthened to ensure the protection of this data, it is important for citizens to ensure that they are not left unidentified in various frameworks for development. It is equally important to be vigilant when sharing personal information on various online platforms.”