Nigeria’s Sensitive National Data is Reportedly in Wrong Hands and the Government Seems Indifferent About it

Nigeria’s sensitive data and other information are in the untrusted hands of a fugitive. This is according to the report of an investigation carried out by Premium Times and the BBC.

According to the report, Mahmood Ahmadu is the fugitive in question and his company, Online Integrated Solutions Limited (OIS) is currently allowed to be in possession of sensitive data.

According to the report, Online Integrated Solutions Limited (OIS), is currently working on behalf of the Nigerian Immigration Service (NIS), the Central Bank of Nigeria (CBN) and the National Identity Management Commission (NIMC). As such, it is currently in charge of collecting sensitive data of Nigerians and foreigners on behalf of these federal organisations.

Sensitive data reportedly in the company’s possession include Bank Verification Numbers (BVN) and National Identification Number (NIN) especially those of Nigerians living in the diaspora. Also in the company’s possession are passport information of foreigners seeking to enter Nigeria.

The Back story

According to the report, one of Mr Mahmood Ahmadu’s company, Drexel Tech, organised the unfortunate NIS recruitment exercise of 2014 on behalf of the Ministry of Interior. That exercise fetched a windfall of more than half a billion Naira and led to the deaths of 16 job seekers.

Two years later, the EFCC filed an 11-count charge suit bordering on fraud and money laundering against Drexel Tech and others. At this point, Mr Ahmadu was already at large. According to the EFCC, Mahmood Ahmadu made N676 million from the exercise, spent over N200 million on choice properties in Abuja and converted over N100 million to dollars for his personal use.

While Mr Ahmadu has since resigned as director of the UK subsidiary of OIS, Premium times insists he remains the sole shareholder of the company.

Searches on Opencorporates and details gleaned from the OIS Certificate of Incorporation revealed that Mr Ahmadu is still the sole shareholder and ultimate beneficial owner of the company.

Premium Times Report

And presently, his company still remains in charge of collecting and handling delicate and sensitive data on behalf of the Federal Government which is supposed to be prosecuting him.

Privacy Concerns in Nigeria

Issues concerning privacy hardly ever seem to bother Nigerians. Perhaps this indifference is a factor that spurs organisations in charge of these sensitive data to handle them with less care than they should.

That indifference is clearly reflected in the president’s reluctance to sign the 2019 Data Protection Bill into law. Part of that bill proposes that servers housing sensitive national data be hosted in Nigeria. OIS is a UK-based company with a Nigerian subsidiary. It will be interesting to know if the data collected are stored in servers hosted in Nigeria.

The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is guaranteed and protected under Section 37 of the 1999 Constitution. But in the absence of a statute which specifically deals with handling this information, that section of the constitution remains superficial at best.

There’s, therefore, the urgent need for the president, Muhammadu Buhari to assent to the 2019 Data Protection Bill. There is also the need to ensure that the law be enforced to the latter.

In the meantime, the National Information Technology Development Agency (NITDA) needs to update its Data Protection Regulation to focus a lot more on third-party handlers of sensitive data as well as various government agencies doing the same. If government can’t regulate its own self, it would be hard to adequately regulate others.

Nigerians themselves need to wake up to the fact that the data privacy problem is a very well. Many Nigerians are quick to sign off consent without bothering to examine the fine print. Thus, when giving out these sensitive data to government agencies, they don’t bother to read the privacy terms before appending our signatures.

A lot of education would probably be needed in this regard.

Nigerians who really care about their privacy won’t feel it is protected enough in the hands of a company controlled by a man who stands indicted for dubious and shady dealings.