The Nigeria Data Protection Commission has announced the commencement of an investigation into a suspected privacy breach concerning the data of Nigerians within the National Identification Number database managed by the National Identity Management Commission.
In a statement issued by Babatunde Bamigboye, the Head of Legal, Enforcement, and Regulations at the NDPC, it was revealed that Dr. Vincent Olatunji, the National Commissioner of the Commission, has ordered a comprehensive investigation following public concerns regarding alleged unauthorized access to enrollees’ personal data by an entity known as XpressVerify.com.
While acknowledging that NIMC has initiated an internal inquiry to address the allegations, the NDPC has pledged to collaborate closely with NIMC to thoroughly investigate the matter and ensure accountability for any wrongdoing.
The NDPC emphasized its commitment to hold any responsible parties accountable, asserting, “We note that NIMC has initiated internal investigation, and it has immediately given full assurances of cooperation with NDPC to get to the root of the allegation and to review existing mediums through which any entity may lawfully verify the identity of enrollees on its platform.”
Additionally, the National Commissioner has instructed that preliminary findings from the investigation be made public within seven days.
Recent reports by the Foundation for Investigative Journalism (FIJ) have alleged that XpressVerify.com, a private website, has unrestricted access to the NINs and personal details of all registered Nigerians, exploiting this information for monetary gain.
The NDPC’s investigation comes in the wake of these allegations, as Section 14 of the NIMC Act 2007 mandates NIMC to be the primary authority responsible for the creation, management, maintenance, and operation of the National Identity Database.