Incessant data collection process by government agencies, banks and telecommunications companies has raised concerns of Nigerians over data protection capabilities and cyber security risks, as several years of repeated biometric data collections have yielded no visible improvement in government processes and planning.
Analysts question the use of repeatedly collected citizens’ data by different agencies, which is not harmonized.
“It is questionable that people are allowed to register multiple times for the Bank Verification Number (BVN), especially if the names don’t match. If biometric data such as the photograph, fingerprint and other information have been captured electronically, it only makes sense that a person’s identity immediately pops up on the system regardless of the fact that the names are misspelled or mismatched,” Subomi Sodipo, CEO CFmobile told BusinessDay.
“Same goes for the driver’s license, international e-passport, SIM card registration and others,” Sodipo added.
Industry experts also worry about the high risk of inappropriate use of accumulated data, as personal information of citizens could easily become accessible to identity thieves who perpetuate unwholesome activities online.
They say that even after the Senate finally passed the cybercrime bill into law after almost 15 years of deliberation as to whether or not the country needed such a law, Nigerians are still at risk of being attacked on the virtual space because of the way personal data is being collected and handled by institutions such as banks and telecommunication companies in the country.
“In Nigeria, we don’t know where the hospitals are keeping our personal health records. Personal identifiable information such as your financial records should only be for you and the government to see, all the BVN data that the banks are collecting, where are they being housed and who has access to it? Protection of personal information, storage of personal data,cybercrime, protection of shareholders stake in organisations and similar issues need to be covered,” Rex Mafiana, CEO FPG Technologies told BusinessDay in an interview.
Nigeria is said to have a data retention law but not a data privacy law, even though the collection agencies have a responsibility to protect all data in their custody.
A cyber security report by Check Point Software Technologies Limited revealed that cybercriminals are not the only threat to the integrity and security of corporate data. Just as quickly as a hacker could penetrate a network, in-network actions can also easily result in data loss.
Check Point found that data can unknowingly leak out of any organisation for a variety of reasons, most of those tied to current and past employee actions in handling given data.
The report stated that while most security strategies focus on protecting data from hackers coming in, it is equally important to protect data from the inside out, by way of handling and processing such data.
