By Dirisu Yakubu
Renowned General Data Protection Regulation, GDPR, expert, Alexander Lana has decried what he called the unwillingness of federal government owned institutions to comply with the Nigeria Data Protection Regulation, NDPR, saying such behaviour such exposes the country to risks associated with cyber-attacks.
Lana, who boasts of over 20 years experience in Information Technology (IT) industry, stated this in Abuja against the backdrop of the recent listing of federal institutions that have keyed in to the data protection protocol designed by National Information Technology Development Agency, NITDA.
He described as shocking the fact that prominent federal institutions handling huge amount of data are yet to comply with the data protection protocol.
Vanguard recalls that the Nigeria Data Protection Regulation was initiated in January 2019 by NITDA, with the agency endorsing more than 60 licensed data compliance organisations to enable government and private institutions become compliant with the protection rules.
Worried by the absence of some federal institutions on the recently released list, he noted that such low compliance can adversely impact the realisation of the gains of digitisation.
“The recent release of the list of organisations that have complied with the data protection regulation by NITDA on its website is very insightful. One would have thought that most, if not all, federal government owned-institutions, would have keyed into this critical regulation, considering the large amount of personal identifiable information they control,” he said.
Mr. Lana added that more needs to be done by NITDA to enforce a compliance deadline as well as a stringent penalty or even a closure in the event of failure to comply.
“The lack of understanding on the importance of data processing is of concern to me. There’s a window of opportunity to correct this now whilst the world is currently under a pandemic. NITDA must put the tools out for organizations to adhere to and start running multiple training sessions immediately.
“Is it not worrisome that institutions like the Joint Admission and Matriculation Board, JAMB, Federal Airports Authority Of Nigeria, FAAN, Nigeria Universities Commission, NUC, National Hospital and Federal Medical Centre, Jobberman and the health sector are among others missing from such a list,?” he queried
Lana said it is disturbing that government-owned institutions seem not to comprehend the depth of risk they expose the nation to by failing to ensure that enormous data in their custody are properly protected.
While commending the President Muhammadu Buhari-led government for being proactive with regards to protecting data by initiating the regulation in line with world best practices, Lana added that “We are at a time when need for data protection isn’t just a luxury but an absolutely necessity as many organisations are actively involved in gathering data.”
He continued: “We have never been more vulnerable now than ever before. If data gets into the wrong hands, a-lot of damage can be done with it. A lot of individuals have been destroyed because their data got into the wrong hands not to talk about our reputation globally regarding 419 activities and yahoo boys syndrome. We are better than this and we should be doing a lot more in my opinion.
“That is why we are concerned that despite the regulations by NITDA to ensure data is protected, many organisations, especially sensitive Ministries, Department and Agencies, MDAs, who handle sensitive data are yet to undergo the process of ensuring that data under their custody are properly protected in line with the rules.
“We are aware that sanctions where spelt out for defaulting establishments but must we keep waiting until a major crisis happens before those organisations sit up? I truly believe NITDA should go after this organizations with trained task forces to ensure compliance are taken seriously.
On the country’s data protection readiness, he said “Nigeria is on track but the gaps are becoming a concern to me. The data protection regulation by NITDA, was fashioned after that of the European Union, EU.
“I will like to see more information out there about data protection and immediate basic measures adopted immediately. I can see the problem ahead now but we can control it if these measures adopted.”