In a move to improve the regulation of sensitive data in Nigeria’s public institutions, the National Information Technology Development Agency (NITDA) has ordered a two-month deadline to securely digitize all databases in the sector. This is in line with global practices and secure technological innovation, as data is of public importance.

In a press release signed by the agency’s Corporate Affairs and External Relations, Hadiza Umar, NITDA said the directive is part of the Guidelines for Management of Personal Data by Public Institutions in Nigeria 2020. It stated that all public institutions holding or processing personal data are required to securely digitize all personal databases within 60 days from the issuance of the guidelines

“Similarly, all such public institutions are required to maintain the highest level of information security to guarantee confidentiality, integrity, availability, and resilience of all databases within their control,” the statement read.

One of the challenges in Nigeria is data collection and storage, making it difficult to collect information across multiple government parastatal databases that house these data. However, with this initiative, data could play a much broader role in driving socio-economic development such as crime prevention, housing (background checks), and so on.

In the commencement of the new order, the agency said the guidelines are to be considered as supplementary regulations to the Nigeria Data Protection Regulation (NDPR), 2019, which said it is still much relevant and binding on all Nigerian individuals and institutions.

Dealing with sensitive data requires adherence to the highest ethical and professional standards, hence, the new guidelines mandate the use of secure technology and automated processes for personal data by public institutions. This is also in line with the requirements of the National Digital Economy Policy and Strategy, and in consonance with emerging global data regulatory models.

Also, the new NITDA guidelines recognize the need for collaboration between the public and the private sectors in handling interventions for the benefits of the citizens. The official noted that the guidelines provide a strict framework for such collaborations to ensure that the privacy of Nigerians was not unduly infringed.

“The COVID-19 pandemic, for example, has brought up the need for more personal data use to limit the spread of the virus. While we recognize the existence of constitutional limitations on privacy rights in the interest of public health and safety, yet such limitations must be based on defined frameworks,” the statement reads.

The agency warned that punitive sanctions contained in the NITDA Act 2007 and NDPR shall be imposed if it found traces of breach or abuse of personal data of Nigerians. The latter regulation outlines the need to safeguard the right of natural persons to data privacy, fosters safe-conduct for transactions involving the exchange of personal data, prevents personal data manipulation among others.

By Ahmed Iyanda