National Information Technology Development Agency (NITDA) has given a 60-day deadline for public institutions holding or processing personal data to securely digitize all databases.
Mrs Hadiza Umar, head of NITDA’s Corporate Affairs and External Relations. NITDA, said that this will be done in adherence to the highest level of information security, ensuring confidentiality, integrity and resilience of all databases within such institutions’ control.
Umar, in statement on the agency’s website, said that the directive is part of the Guideline for Management of Personal Data by Public Institutions in Nigeria 2020. Part of the statement said:
“All Public Institutions holding or processing personal data are required to securely digitize all personal databases within 60 days from the issuance of the Guidelines.
“Similarly, all such public institutions are required to maintain the highest level of information security to guarantee confidentiality, integrity, availability and resilience of all databases within their control.”
The guidelines are to be considered supplementary regulations to the Nigeria Data Protection Regulation (NDPR), 2019, which is still considered valid and binding on all Nigerian individuals and institutions.
Controlling such sensitive data is a position of trust that requires adherence to the highest ethical and professional standards, in line with global practices and secure technological innovation, as the data is of public importance.
The new guidelines “also mandates the use of secure technology and automated processes for personal data by Public Institutions, in line with the requirements of the National Digital Economy Policy and Strategy,” and in consonance with emerging global data regulatory models.
There will sometimes be a need for collaborations between the public and the private sectors in handling interventions for the benefits of citizens, and this could necessitate the use or release of such data.
The new NITDA guidelines recognise this and provides a framework that will ensure the privacy of citizens’ data without hindering the process.
“The COVID-19 pandemic, for example, has brought up the need for more personal data use to limit the spread of the virus. While we recognise the existence of constitutional limitations on privacy rights in the interest of public health and safety, yet such limitations must be based on defined frameworks,” the statement read.
NITDA urged compliance from all concerned institutions, stressing that “the Agency shall not hesitate to invoke the punitive sanctions provided in the NITDA Act 2007 and NDPR in the event of breach or abuse of personal data of Nigerians.”
NITDA, the apex regulatory body for Information Technology in Nigeria, issued Nigeria’s first comprehensive framework for the protection of personal data, the NDPR 2019, to provide a framework for the protection and processing of personal data of Nigerians and residents.
The agency functions under the Federal Ministry of Communication and Digital Economy and is charged with the task of monitoring the use of electronic data interchange and other forms of electronic communication transactions in Nigeria.