The Federal Government says an agency of the Lagos State Government has breached the Nigeria Data Protection Regulation (NDPR) 2019. The Lagos State Internal Revenue Service (LIRS) is accused of illegally publishing the personal and confidential information of taxpayers in the state through a web portal that has since been pulled down.
It will be recalled that on April 25, 2019, the National Information Technology Development Agency (NITDA) commenced implementation of the Nigerian Data Protection Law, which seeks to safeguard the rights of Nigerians to data privacy.
MediaDimensions gathered that data regulation provides for data subjects and in this case taxpayers to give consent to the processing of their personal data for one or more specific purposes and that the purpose for collection should be made known to the subject.
The penalty for breaching this regulation in addition to any other liabilities includes payment of the fine of two per cent of annual gross revenue of the preceding year or the sum of N10 million, whichever is greater in the case of a data controller dealing with more than 10,000 data subjects as in this case of the breach by the Lagos State Government.
For violations affecting less than 10,000 data subjects, the penalty is the payment of the fine of one per cent of the annual gross revenue of the preceding year or the sum of N2m, whichever is greater.
Below is the full text of the press release issued by NITDA in respect of the violations by the LIRS.
Breach of Nigeria Data Protection Regulation by the Lagos State Internal Revenue Service
The National Information Technology Development Agency (NITDA) was reliably informed and duly ascertained that the Lagos State Internal Revenue Service (LIRS) published a web portal – https://t.co/gpLxOjgIjE – where personal information of taxpayers of Lagos State was gleaned by the general public in breach of the Nigeria Data Protection Regulation (NDPR), 2019.
We have also been informed that the LIRS has indicated that public access to the portal was a glitch from a consultant of the Service and that the portal has been duly disabled.
We commend LIRS for the swift remedial action in disabling the portal and pulling the website away from the public domain.
We, however, warn that glitches of this kind do not insulate LIRS from responsibility or culpability from whatever actions, civil or criminal, that may arise from such glitch, as personal and confidential information of data subjects were made available to the public illegally.
We stress that such glitches are in breach of the NDPR and invariably the National Information Technology Development Agency Act 2007.
The Agency will further investigate this breach and the circumstances surrounding it with the aim of assessing the impact of the breach as well as determine responsibility and culpability of data controllers or processors connected to the breach and prevent future occurrence.
We also advise the public to be vigilant and to report immediately to NITDA or other law enforcement agencies if they notice that the information of any data subject on the LIRS database is further disclosed or used in any manner in violation of the NDPR.
We enjoin all parties to cooperate with NITDA as we seek to protect the personal and confidential information of Nigerian Citizens from misuse and abuse.
The Agency can be reached through its email address: firstname.lastname@example.org or any of NITDA’s handle on Twitter or Facebook: @NITDANigeria or https://t.co/XJd7x1lJ9o respectively.
www.mediadimensions.live… Closing the gaps in end-user news content