By 
NIS data breach: IT Edge News has covered the names
By Osasome, C.O
NIS Faces Backlash for Violating Nigerian Data Privacy Law
The Nigeria Immigration Service (NIS) has come under criticism for publishing a list of uncollected passports, which includes personal details such as names and passport numbers, on its website: Uncollected Passports – Nigeria Immigration Service
RELATED: NDPC launches probe into alleged privacy breach at NIMC by XpressVerify.com
The NIS’s actions have raised concerns about the country’s data protection regulations. Specifically, the Nigerian Data Protection Act (NDPA) of 2023 aims to safeguard citizens’ personal data. The NDPA emphasises the importance of protecting personal information. The Act defines it as any data that can identify an individual, directly or indirectly . In this case, publishing uncollected passport details may be considered a breach of the regulation.
This action has sparked concerns from the Nigeria Data Protection Commission (NDPC), which says it undermines the NDPA.
NDPC to Engage NIS Over Privacy Breach
Officials from the NDPC have confirmed that they will engage the NIS this week to address the issue. “We’ll definitely take them up,” stated a senior NDPC official. The commission is taking the matter seriously as it directly violates the data protection standards established by the NDPA. This regulation determines how both public and private entities handle personal data.
NDPA: Key Privacy Standards
The Nigeria Data Protection Act, enacted on June 12, 2023, is the country’s principal legislation governing data protection. It mandates that personal data must be processed in accordance with specific, legitimate, and lawful purposes, all of which must be consented to by the data subject.
“There is so much ignorance on privacy obligations and the rights of data subjects,” a senior government official commented in Abuja. Under the NDPA, the improper display or publication of personal data, such as names and passport numbers, is a clear violation of privacy.
Public Concern Over Data Misuse
The public outcry over the NIS’ action has been widespread. “Name and passport number displayed in plain sight? Is this a hoax or what? This is totally wrong,” said a concerned citizen, writing from the US to IT Edge News.Africa. The NDPC’s swift intervention aims to prevent further privacy breaches and ensure that the NIS complies with data protection laws.
What’s Next for the NIS?
As the NDPC prepares to engage with the NIS, it is expected that the immigration service will be asked to remove the personal data from its website immediately and improve its handling of sensitive information moving forward. The outcome of this engagement could set a precedent for future data protection enforcement in Nigeria, highlighting the need for greater awareness and adherence to privacy obligations under the NDPA.
