The Nigerian Data Protection Commission, NDPC, has said that following the reported incident of unauthorized NIN verification by expressverify.com, its investigation reveals that a third-party who, among others, was originally authorized to provide verification services to citizens and genuine businesses might have allowed expressverify.com to use its NIN verification credentials to conduct verification.
The Commission said that the circumstances surrounding this permission were still under investigation.
It said to remedy this incident, the National Identity Management Commission (NIMC), in line with established remediation protocols, has barred all forms of access to its database.
The Commission said though necessary, barring all forms of access affected all genuine and crucial verification requests.
It said after a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.
NDPC said the ongoing investigation – by relevant agencies – seeks to establish the medium through which expressverify.com obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.
It said at the moment, data processing by licensees generally are to be scrutinized and only those that are cleared based on credible evidence of regulatory compliance will be permitted to carry out NIN verification going forward.
“Furthermore, series of intensive trainings will be conducted in order to ensure that personnel and licensees are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy and other relevant regulatory protocols,” it said in a statement signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, NDPC.
NDPC further called on members of the public to see NIN as an essential data for sustainable development.