Data Breach: Why NITDA must wield the big stick on LIRS – Advocacy Groups


A can of worms has opened up against the Lagos Internal Revenue Service (LIRS) for alleged data breach on the rights of Lagos state taxpayers.

Two advocacy groups, the Enough is Enough Nigeria (EiE) and Paradigm Initiative (PIN), in a statement on Tuesday, called on the National Information Technology Development Agency (NITDA) to as a matter of necessity met out appropriate penalties to LIRS for said offence.

In the statement jointly signed by the groups, it claimed that in December 2019, the personal data of numerous taxpayers in Lagos State were leaked on the payment portal of the LIRS, which simply violated not only their right to privacy under the Constitution but also the provisions of the Nigeria Data Protection Regulation (NDPR) 2019 as issued by NITDA – the regulator. 

As a result, the advocacy groups are making demand on NITDA to wield the big stick on LIRS as well as play its regulatory role of a data protection agency.

Enough is Enough is a coalition of Nigerian youth advocacy groups to promote better governance and political accountability in the country, while Paradigm Initiative is a social enterprise that builds an ICT-enabled support system and advocates digital rights in order to improve livelihoods for under-served youth.

Expressing reservations over the ability and suitability of NITDA to play the role of a data protection agency in Nigeria, the groups stated that “One would have thought the agency would work to prove doubters wrong by ensuring that violations against its regulations are duly punished.”

They said, “We are mindful that the Digital Rights Lawyers Initiative (DRLI) has filed suit No. FHC/L/CS/56/2020 against both LIRS and NITDA on the data breach seeking orders mandating NITDA to fine LIRS as provided under the NDPR to the tune of 2% of their annual gross revenue. We are monitoring this process and we will work with the litigant to ensure it is seen to a reasonable conclusion

“In addition to the specified fine, the NDPR provides for compensation for victims of a data breach, but the Lagos State government has said nothing about this,  in spite (or despite?) of their admission of guilt.

“We hereby call upon NITDA to stop paying lip service to data protection In Nigeria and to fulfill its role as a regulator on one hand and Lagos State government to compensate victims of the data breach as admitted. NITDA must give an update on all data breaches reported to it since the inception of the NDPR.”

Adding, they requested that “Nigeria should enact a data protection law duly passed by the National Assembly and signed by the president. The law should set up an independent Data Protection Authority with core mandate for data protection in Nigeria.”

Be the first to comment

Leave a Reply

Your email address will not be published.