Nigeria data protection law long overdue –CSEAN
As Nigeria joined the rest of the world in marking 2017 data privacy day, recently the Cyber Security Experts Association of Nigeria (CSEAN) said that the nation’s distinct data protection law is long overdue.
National President of CSEAN, Mr. Remi Afon, said that CSEAN is using the occasion of commemorating the world data privacy day to urge the lawmakers in the country to as matter of urgency enact a data protection law that will control how personal information is being used by government, organizations and businesses in order to guide against misuse of data and ensure adequate security to protect personal data.
“The law if implemented will among other things guarantees that personal information is not kept longer than necessary and not transferred outside Nigeria without adequate protection,” Afon said.
Afon disclosed that every January 28, has been designated as Data Protection Day globally, a day set aside to raise awareness and promote privacy and data protection best practices.
CSEAN, he said will be observing the day by emphasizing on some of the data protection issues commonly faced as a nation and how individuals could protect their personal data via social media, symposium and press releases.
According to him, Nigeria boasts of a population of over 180 million people, adding that the value of this figure in economic terms is huge, hence the government through its agencies and different organisations collect, process and store the personal data of citizens on regular basis.
“This is not unusual as many governments all over the world do the same for many reasons such as administration, surveillance and public policy. However without a secure central database where such information is stored combined with a strong legal framework that ensures that such data is protected, there is potential for abuse,” he added.
CSEAN president bemoaned that Nigeria neither have a central database nor data protection framework in place which has caused different government agencies and private organisations such as Independent National Electoral Commission (INEC), National Identity Management Commission (NIMC), Commercial Banks, and Telecommunications Industries collecting massive personal data.
“These personal data include biometric data, financial information and Personally Identifiable Information (PII). Medical records are also being processed on a daily basis by hospitals and private clinics with mere reliance on a professional code of ethics,” he stressed.
He highlighted that currently where governments and organizations face heightened threat landscape with data breaches continuously on the rise and cybercriminals on the loose, nothing less than an up to date, single and comprehensive enactment of data protection law could adequately match this threat.
He cited that such laws have been enacted in other parts of the world, and South Africa that recently enacted the Protection of personal Information Act 2013 after the mould of the Data Protection Act 1998 of the United Kingdom.
“A common feature of such laws are provisions which ensure that an individual’s personal data is not only collected lawfully but also used lawfully, kept securely and not circulated without due process and consent of the individual,” he pointed out.
He affirmed that lack of similar enactment in Nigeria gives room for abuse, and harped on the urgent need for a data protection law in Nigeria to strike a balance between the rights of individuals to privacy and the ability of organisations to use data for the purposes of which they were collected and nothing more.
“This will set basic rules of registration for users of data and rights of access to that data for the individuals to whom it is related,” the CSEAN president said.
