Identity theft for a long period has become a global menace to personal identification and data protection. Individuals- wealthy and poor- and corporate organizations have become victims of identity theft. Nigeria with many challenges on its shoulder is teetering on the brink of identity theft; hence the scourge thereon has become a kick in the teeth to Nigeria given that Nigeria does not have a law on data protection, despite its leading role in Africa. To my knowledge there is no law on data protection that exists in Nigeria. A proposed bill- Personal Information and Data Protection Bill- is still in pipeline and its passage into law seems like an illusion given the torrents of reservations that have been put forth by various stakeholders. The proposed bill is at variance with the contemporary best practices in international laws and some section of Chapter 4 of the 1999 constitution of Nigeria- the section that deals with the Fundamental Rights of citizens. Strikingly, the Bill is devoid of necessary ingredients to tackle data protection issues. Countries like Ghana, South Africa and Egypt have gone ahead of Nigeria in data protection policies. In the global world today, many countries are embracing the challenges of identity theft by fine-tuning ways to protect personal information of their citizens and preserve the image of their corporate organizations through potentially effective legislations. Nigeria seems to be comfortable living at the medieval where people’s identities had less importance. Nigeria really needs to wake up and smell the coffee!
Existing Legislations and flaws
Basically, the 1999 Constitution of the Federal Republic of Nigeria is the premise on which other existing laws are based. The existing laws that referred to protection of personal information in Nigeria are in furtherance of fundamental rights as enshrined in section 37- the section that deals with the Right to Private and Family Life- and other relevant sections of the 1999 Constitution of Nigeria, for example section 39- the section that deals with the Right to Freedom of Expression and the Press. But these provisions are handicapped by section 45- the section that deals with Restriction on and Derogation from Fundamental Human Rights.
Beside the Constitution, data protection is somehow referred to in the Freedom of Information (FOI) Act, 2011 which inter alia aims to enhance public access to information and protect public records and information as well personal privacy. Section 14 of the FOI Act deals with the exemption of personal information- circumstances upon which applications that seek personal information of others can be denied or granted. Though the provisions contained thereon may seem glamorous to the purpose of data protection, but they leave a hole in the fabrics of data protection as they only make reference to personal information in the saddle of public institutions, with no recourse to personal information in the pocket of private firms.
Registration of Telephone Subscribers Regulation (RTS) 2011, previously known as SIM Card Registration Regulation 2010, enshrines data protection, so to speak, as stipulated in section 11- the section that deals with Data Protection. The RTS 2011 makes reference to General Consumer Code Practice for Telecommunications Services, which therein in section 35 contains mechanism for data protection, but for consumers of telecommunications services in Nigeria. Though these regulations seem, to an extent, to embody some sort of outlook and effort to entrench data protection principles in the telecommunication industry, I do not have the firm conviction that the information about myself and my family that I have exposed in the course of Sim Card Registration and(or) other form of registration are well protected given the illicit and erroneous treatment of personal information in Nigeria, which are incidental consequences of the absence of a well detailed legal framework that guides data protection. These regulations seem more like a watery sun hung in the autumn sky. It is really ridiculous that upon violation of data protection provisions as contained in those regulations by some violator(s), the regulators do not treat such breach of data protection as a gross violation of the victims’ right to privacy, but rather as a mere breach of regulations with paltry financial and (or) trifling corporate sanctions that are mere scratch on the surface. This does not show the muscle of a regulation that is hell-bent on tearing down the thick walls of data protection menace.
It is very unfortunate that despite all the hullabaloos about financial sector restructuring and reinvention by the Central Bank of Nigeria (CBN), particular in the banking sector, that Nigeria still cannot boast of a single data protection law in the sector. To my knowledge, no law exists for data protection in the financial sector. Even the Banking and Other Financial Institutions Act (BOFIA) does not guarantee that. Customers disclose high volume of sensitive information to their banks, which unfortunately if misused cannot be enforced by customers, yet regulators with the statutory rights perform noticeably poor in protecting privacy of personal information of these gullible customers. The situation in the financial sector as compared to telecommunication sector seems to be worrisome.
In conclusion, given the astronomical increase in technology-driven activities with the resulting necessities for public and private institutions to seek for people’s personal data and information, where those information and date have become valuable to the seeker, the need to protect those information and data about people have become paramount. Time is now ripe for the Nigerian government to wake up and embrace the global trend in establishing data protection laws. ” – Okonkwo Julius Chukwuma – Abuja, Nigeria