Data breach: NITDA must sanction LIRS ― CSOs
Civil Society Organisations (CSOs) have asked the National Information Technology Development Agency (NITDA) to sanction the Lagos Internal Revenue Service (LIRS) for violating rights of Nigerian taxpayers who were victims of the December 2019 data breach on the platform of the LIRS.
The CSOs including Enough is Enough Nigeria (EiE) and Paradigm Initiative (PIN) said the LIRS also violated the provisions of Nigeria Data Protection Regulation (NDPR) 2019 that was issued by NITDA.
Recall that in December 2019, the personal data of numerous taxpayers in Lagos State was leaked on the payment portal of the Lagos Internal Revenue Service (LIRS).
The CSOs according to a joint statement released on Tuesday, titled “Data Breach by LIRS: Why NITDA must wield the big stick,” noted that the Lagos State government has not shown any resolve to compensate the victims of the data breach.
The CSOs also asked the Federal Government to enact a data protection law of the National Assembly which will cater for the establishment of an independent Data Protection Authority with a core mandate to protect data of Nigerians.
The statement reads in part: “It should be noted that we had expressed reservations over the ability and suitability of NITDA to play the role of a data protection agency in Nigeria. One would have thought the agency would work to prove doubters wrong by ensuring that violations against its regulations are duly punished.
“We are mindful that the Digital Rights Lawyers Initiative (DRLI) has filed suit No. FHC/L/CS/56/2020 against both LIRS and NITDA on the data breach seeking orders mandating NITDA to fine LIRS as provided under the NDPR to the tune of 2% of their annual gross revenue. We are monitoring this process and we will work with the litigant to ensure it is seen to a reasonable conclusion
“In addition to the specified fine, the NDPR provides for compensation for victims of a data breach, but the Lagos State government has said nothing about this, in spite (or despite?) of their admission of guilt.
“We hereby call upon NITDA to stop paying lip service to data protection in Nigeria and to fulfil its role as a regulator on one hand and Lagos State government to compensate victims of the data breach as admitted. NITDA must give an update on all data breaches reported to it since the inception of the NDPR.”