The National Information Technology Development Agency (NITDA) says it is investigating the Lagos State Internal Revenue Service (LIRS) over breach of Nigeria Data Protection Regulation.
NITDA in a statement signed by its Director General Kashifu Inuwa Abdullahi on Friday said LIRS breached the data regulation by publishing a web portal – https://lagos.qpay.ng/TaxPayer – where personal information of tax payers of Lagos State was gleaned by the general public in breach of the Nigeria Data Protection Regulation (NDPR), 2019.
Mr Abdullahi said the agency would ‘’further investigate the breach and the circumstances surrounding it with the aim of assessing the impact of the breach as well as determine responsibility and culpability of data controllers or processors connected to the breach and prevent future occurrence.’’
‘’We also advise the public to be vigilant and to report immediately to NITDA or other law enforcement agencies if they notice that the information of any data subject on the LIRS database is further disclosed or used in any manner in violation of the NDPR. We enjoin all parties to cooperate with NITDA as we seek to protect the personal and confidential information of Nigerian Citizens from misuse and abuse.’’
The NITDA DG however commended LIRS for the swift remedial action in disabling the portal and pulling the website away from the public domain
‘’We however warn that glitches of this kind do not insulate LIRS from responsibility or culpability from whatever actions, civil or criminal, that may arise from such glitch, as personal and confidential information of data subjects were made available to the public illegally.
We stress that such glitches are in breach of the NDPR and invariably the National Information Technology Development Agency Act 2007’’, the DG said.
In October, NITDA also investigated True Caller Services private policy for not being in line with international best practices.