The Nigerian IT regulator and Police are joining forces to curb what they see as the exponential growth of cybercrime, particularly data leakages breaching the nation’s privacy rules.
With no sign that cybercrime is abating anytime soon, the National Information Technology Development Agency (NITDA) says it is collaborating with the Nigeria Police Force to ensure that public and private organizations comply with the nation’s data protection and privacy rules spelt out in Nigeria Data Protection Regulation (NDPR).
Kashifu Abdullahi, Director General, NITDA, says the IT regulator plan to protect citizens’ personal information, tackle the menace of cybercrimes, and encourage safer use of the Internet by individuals, public, and private organisations in Nigeria.
Kashifu, who gave this insight during a visit to IGP Usman Baba, the Inspector General of Police in Abuja, says that cybersecurity “has become very essential in today’s world where the society is more reliant on digital technology than ever before, and the sophistication and relentless attacks of cybercriminals are incomparable.”
Cybercrime: Why NITDA-Police Partnership is Imperative
The need for the NITDA-Police collaboration has become imperative to tackle the menace, Abdullahi says, through ensuring that organizations protect the personal information of citizens at their disposal as “there is apparently no sign that this trend will slow down anytime soon.”
In recent times, private individuals, private organisations, government establishments, and even military and paramilitary have all been targets of these acts, mostly because there is a high rate of data leakage on the internet, according to the NITDA DG.
“Reports from our cybersecurity monitoring platforms have indicated that activities of cybercriminals have increased exponentially; data leakage that can lead to identity theft are now being posted on social media and even auctioned for sale on the dark web. It is important to note that this is a global phenomenon, nations around the world are reporting increasing numbers of cyberespionage, BEC Scams, Identity theft, amongst numerous other cybercrimes,” Abdullahi says.
The borderless nature of cyberspace, he says “makes it necessary for NITDA to be a step ahead of these cybercriminals, especially as the country begins to adopt a digital economy, hence it is important that Nigeria build resilience against these threats to ensure trust in the system.”
While commenting on laws that empower the IT regulator, particularly the NITDA Act 2007, Abdullahi says that NITDA is increasingly paying attention to cybercrime and cybersecurity, and this led establishment of its Computer Emergency Readiness and Response Team (CERRT) to provide support for MDAs in tackling cybersecurity incidents.
CERRT does these through prompt awareness, cybersecurity tips, monitoring intrusion, leveraging trusted resources, and implementing a response plan for MDAs, he explains.
NITDA also publishes Information Assurance Guidelines for MDAs towards ensuring that MDAs implement the minimum controls required to safeguard their information assets, Abdullahi says, adding that the enactment of the NDPR ensures that personal data of data subjects are protected.
According to him, mechanisms are set in place to ensure that violations to NDPR provisions are appropriately investigated and appropriate sanctions applied.
He appreciated the support offered by the Police by attaching its officers to the NITDA Regulations Compliance Monitoring Team.
Explaining NITDA’s mandate on IT Project Clearance, the DG stated that the Federal Government Circular issued on 18th April, 2006 specifically directed all MDAs planning to embark on IT projects to obtain clearance from NITDA. This was subsequently reinforced by another Circular issued on the 31st August 2018.
“To reiterate the importance of NITDA’s role in IT Procurements in Government, during his speech at the e-Nigeria International Conference, Exhibition and Awards 2018, Muhammadu Buhari directed all Federal Public Institutions (FPIs) to ensure that their IT projects are duly cleared by NITDA, and directed that defaulters should be reported to government for sanctioning”, Abdullahi says.
The NITDA DG also sought for the support of Nigeria Police towards ensuring that young Nigerians with genuine IT businesses are allowed to operate and, where necessary, adequately support them in carrying out their lawful businesses.
“The critical role of Start-ups in our journey towards a Digital Nigeria cannot be overemphasised. However, some Tech Start-ups have reported being harassed by some Law Enforcement Agencies, with some having their IT systems confiscated. This has negatively impacted on their business operations as well as the economy. NITDA maintains a database of genuine Start-ups with verifiable business ventures and duly registered with the Agency. Access to such a database can be granted to the Force when the need arises,” he explains.
The IGP Usman Alkali Baba, appreciated NITDA’s visit to the corporate Headquarters of NPF and assured DG of the Force’s support towards realising the Agency’s mandate. He also reiterated the need for synergy and collaboration with NITDA, stating that no organisation can effectively operate without leveraging digital technologies and NITDA being the IT regulator in the country, is central to the activities of the Force.
The NITDA-Police collaboration comes amid a similar one between the IT regulator and with the Federal Competition and Consumer Protection Commission (FCCPC) to address what was described as “the alarming rates of data privacy abuse by money lending operators.”
“Section 17(a) of the FCCPA, 2019 empowers the Commission to administer and enforce provisions of every Nigerian law with respect to competition and protection of consumers. NITDA has therefore found the FCCPC as a key stakeholder in its efforts to rein in the activities of some micro-money lenders who have formed a penchant for abuse of personal data of Nigerians. These operators execute this by abusing their personal data, breaching their privacy and sharing it with others who are not part of the initial contract”, according to Mrs. Hadiza Umar, Corporate Affairs and External Relations Head of NITDA.
NITDA’s investigation led to the imposition of a N10,000,000 fine and other administrative sanctions on Soko Lending Company, Umar says after the agency received over 40 petitions from members of the public on the alleged personal data abuse of some lending companies.
“As an agency focused on using its mandate to empower Nigerians and make them active players in the digital economy”, Mrs Umar says, “NITDA is very concerned about the worrisome effect the nefarious activities of the money lending companies is having on families, friends, and the society at large. Some of the complainants had contemplated suicide, indicating that government needed to do more to protect vulnerable Nigerians.”
The NITDA-FCCPC partnership “will lead to a more robust and concerted regulatory approach which we believe would ensure that Nigerians get necessary reprieve from the illegal use of their personal data for money lending operations. The partnership would entail joint investigations, enforcement, and possible prosecution”, according to the IT regulator.
“We, therefore, use this medium to inform all money lending operators and other data controllers and processors that NITDA is set to enforce the privacy right of Nigerians in line with the Nigeria Data Protection Regulation (NDPR) 2019. Controllers and Processors who seek guidance on Compliance with the NDPR should contact NITDA licensed Data Protection Compliance Organizations (DPCO)”, the NITDA Corporate Affairs and External Relations Head says.