In response to the unauthorized NIN verification incident involving expressverify.com, the National Identity Management Commission (NIMC) has announced heightened scrutiny measures for its licensees.
RELATED: NDPC launches probe into alleged privacy breach at NIMC by XpressVerify.com
Following investigations into the matter, it was discovered that a third-party entity, originally authorized to provide verification services, may have allowed expressverify.com access to NIN verification credentials.
The circumstances surrounding this permission are currently under investigation, said Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, Nigeria Data Protection Commission (NDPC) in a statement.
Adding: “To address this issue, NIMC has implemented remediation protocols, including temporarily suspending all access to its database. While necessary, this action impacted genuine verification requests. However, after careful review, limited access has been reinstated for select establishments providing essential public services.
“Ongoing investigations aim to determine how expressverify.com obtained the credentials and establish liability according to existing laws. Consequently, data processing activities by licensees will undergo increased scrutiny, with only compliant entities permitted to conduct NIN verification.
“Additionally, NIMC will conduct intensive training sessions to ensure personnel and licensees are well-versed in the regulatory obligations outlined in the Nigeria Data Protection Act and NIMC’s Privacy Policy.”
The NDPC has also urged the public to recognize the importance of the NIN for sustainable development. “While efforts to enhance data protection measures are underway, citizens are reminded to exercise caution when sharing personal information online to avoid potential risks.”