The National Commissioner of the Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, has initiated a comprehensive investigation into claims of unauthorized access to the personal data of individuals enrolled in the National Identity Management Commission (NIMC) database.
This move comes as a regulatory response following public outcry over allegations of illicit data access by an entity identified as XpressVerify.com.
Previously, NDPC has been collaborating with NIMC to enhance data protection measures. In February 2024, NDPC conducted a training session involving relevant NIMC personnel as part of these ongoing efforts.
Dr. Olatunji stated, “We acknowledge NIMC’s internal investigation and their commitment to cooperating with NDPC. Our focus is on uncovering the truth behind these allegations and assessing the existing channels for lawful identity verification.”
Moreover, NDPC will collaborate with relevant agencies to audit the alleged unauthorized data processing and its potential monetization. Perpetrators found guilty of violating the Nigeria Data Protection Act, 2023 will face legal consequences.
As part of transparency measures, Dr. Olatunji mandated that initial investigation findings be made public within seven days. Meanwhile, NIMC emphasized that it only offers NIN verification and services through licensed partners, with XpressVerify not being among them.
Expressing gratitude to whistleblowers and media partners, NIMC assured citizens of the security of their data within the national identity database.
In response, NIMC’s Director General and CEO, Engr. Abisoye Coker-Odusote, swiftly ordered a thorough investigation into potential breaches of licensing agreements by the Commission’s Tokenisation verification agents.
Reaffirming NIMC’s commitment to data protection and privacy, Coker-Odusote pledged rigorous efforts to safeguard enrollees’ data. She emphasized the implementation of robust security measures to maintain public trust and confidence in NIMC’s operations.