Chinenye Anuforo [email protected]
The National Information Technology Development Agency (NITDA), in furtherance of its regulatory mandate, has issued guideline for management of personal data by public institutions in Nigeria, 2020.
Head of corporate affairs and external relations, NITDA, Mrs. Hadiza Umar, in a statement, said the guidelines were issued as supplementary regulation to the Nigeria Data Protection Regulation (NDPR), 2019.
They stipulate the requirements for the processing of personal data by public institutions in Nigeria and were issued to reinforce the implementation of the NDPR. All the principles and provisions of the NDPR remain valid and applicable to all Nigerians, including public institutions.
The guidelines require all public institutions and any entity co-owned by government to process all personal data of Nigerians and data subjects in Nigeria in line with best practices and in conformity with the highest standards, to take cognisance of the fact that some public sector data processing may be founded on vital or public interest.
This position of trust requires public data controllers and processors to apply the highest ethical and professional standards in processing such data. It also mandates the use of secure technology and automated processes for personal data by public institutions, in line with the requirements of the National Digital Economy Policy and Strategy, championed by Dr. Isa Pantami, the Minister of Communications and Digital Economy.
NITDA’s issuance of public-sector-specific guidelines is another effort made in consonance with the emerging global data regulatory models.
All public institutions holding or processing personal data are required to securely digitize all personal databases within 60 days from the issuance of the guidelines.
Similarly, all such public institutions are required to maintain the highest level of information security to guarantee confidentiality, integrity, availability and resilience of all databases within their control.
NITDA recognizes the need for collaboration in some cases between the public and private sector to tackle emergencies or other state-led interventions for the benefit of citizens. Therefore, the guidelines provide a strict framework for these types of collaborations to ensure that the privacy of Nigerians is not unduly infringed. The COVID-19 pandemic, for example, has brought up the need for more personal data use to limit the spread of the virus.
The agency stated that, while it recognises the existence of constitutional limitations on privacy rights in the interest of public health and safety, such limitations must be based on defined frameworks: “NITDA therefore implores all concerned parties to comply strictly with the requirements of these guidelines and seek professional guidance from licensed Data Protection Compliance Organisations (DPCO) for the purpose of compliance.”
“NITDA will not relent in its surveillance to ensure adequate compliance with the NDPR and these guidelines. The agency shall not hesitate to invoke the punitive sanctions provided in the NITDA Act 2007 and NDPR, in the event of breach or abuse of personal data of Nigerians. We urge all concerned parties to study these guidelines diligently and apply them accordingly. We also encourage all parties to seek clarifications or guidance when needed,” NIDA said.