The National Information Technology Development Agency (NITDA) says it has commenced investigation into how the Lagos State Internal Revenue Service published a web portal – https://lagos.qpay.ng/TaxPayer, where personal information of tax payers of Lagos State was gleaned by the general public in breach of the Nigeria Data Protection Regulation (NDPR), 2019.
In a statement signed by the director-general and chief executive officer of NITDA, Mr. Kashifu Inuwa Abdullahi, CCIE and made available to our correspondent on Friday, the IT agency while commending the LIRS for its swift remedial action in disabling the portal and pulling the website away from the public domain, however warn that glitches of such do not insulate the revenue agency from responsibility or culpability from whatever actions, civil or criminal, that may arise.
The statement further call on the general public to be at alert and report activities aimed at breaching private data of Nigerians to the agency for its necessary actions.
NITDA had issued the NDPR in January 2019 with the objective of protecting personal data, improve ease of doing business in Nigeria and to create jobs for over 300,000 Nigerians through the unique implementation model of the NDPR.
Read the full statement below:
The National Information Technology Development Agency (NITDA) was reliably informed and duly ascertained that the Lagos State Internal Revenue Service (LIRS) published a web portal – https://lagos.qpay.ng/TaxPayer – where personal information of tax payers of Lagos State was gleaned by the general public in breach of the Nigeria Data Protection Regulation (NDPR), 2019. We have also been informed that the LIRS has indicated that public access to the portal was a glitch from a consultant of the Service and that the portal has been duly disabled.
We commend LIRS for the swift remedial action in disabling the portal and pulling the website away from the public domain. We however warn that glitches of this kind do not insulate LIRS from responsibility or culpability from whatever actions, civil or criminal, that may arise from such glitch, as personal and confidential information of data subjects were made available to the public illegally. We stress that such glitches are in breach of the NDPR and invariably the National Information Technology Development Agency Act 2007.
The Agency will further investigate this breach and the circumstances surrounding it with the aim of assessing the impact of the breach as well as determine responsibility and culpability of data controllers or processors connected to the breach and prevent future occurrence. We also advise the public to be vigilant and to report immediately to NITDA or other law enforcement agencies if they notice that the information of any data subject on the LIRS database is further disclosed or used in any manner in violation of the NDPR. We enjoin all parties to cooperate with NITDA as we seek to protect the personal and confidential information of Nigerian Citizens from misuse and abuse.
The Agency can be reached through its email address: info@nitda.gov.ng or any of NITDA’s handle on Twitter or Facebook: @NITDANigeria or https://web.facebook.com/nitda.nig/ respectively.
The National Information Technology Development Agency (NITDA) is a Federal Government Agency under the supervision of the Federal Ministry of Communications and Digital Economy. NITDA was established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country. Specifically, Section 6(a, b, c, f & m) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; provide guidelines to facilitate the establishment and maintenance of appropriate infrastructure for information technology and systems application and development in Nigeria for public and private sectors, urban-rural development, the economy and the government; render advisory services in all information technology matters to the public and private sectors and accelerate internet and intranet penetration in Nigeria and promote sound internet Governance by giving effect to the Second Schedule of the Act.
Signed:
Kashifu Inuwa Abdullahi, CCIE
Director General/CEO
Chief Information Technology Officer for Nigeria
Corporate Headquarters, Garki, Abuja