The National Commissioner, Nigeria Data Protection Commission (NDPC), Dr Vincent Olatunji, has ordered a full-scale investigation in respect of allegations of unauthorised access to personal data of enrollees in the database of National Identity Management Commission (NIMC).

The investigation is a further regulatory measure to be taken by NDPC in the wake of public concerns over reports of illegal access to personal data of enrollees by a shadowy entity called XpressVerify.com.

It will be recalled that prior to now, NDPC has been engaging with NIMC on fostering adequacy of data protection. To this end, NDPC held a training with relevant officers of NIMC early February, 2024. This is one in a continuum of measures being put in place by the Federal Government to ensure data privacy and protection.

In a press statement made available to press, Olatunji said, “We note that NIMC has initiated internal investigation and it has immediately given full assurances of cooperation with NDPC to get to the root of the allegation and to review existing mediums through which any entity may lawfully verify the identity of enrollees on its platform.

“Furthermore, NDPC will work with relevant agencies to audit the trails of the alleged unauthorized data processing and monetization of same, and those who are found culpable for violating the Nigeria Data Protection Act, 2023 will be brought to justice.”

The national commissioner further directed that preliminary findings of the investigation should be made public within seven days.

Meanwhile, NIMC has reiterated that it offers NIN verification and other services through licensed partners only.

However, XpressVerify is not one of the Commission’s licensed partners, it added.

It said, “We express our gratitude to our media partners and the whistleblowers for bringing this to our attention and wish to assure Nigerians and legal residents that there is no data breach of any sort and the Citizens’ data is safe and secure in the Nigeria’s National identity database.”

The director general and chief executive officer of NIMC, Engr. Abisoye Coker-Odusote, has promptly ordered a comprehensive in-house investigation into the matter to find out if any of the Commission’s Tokenisation verification agents has in any way breach the licensing agreement either directly or through any of their sub-licensees.

Coker-Odusote affirmed the commitment of NIMC to data protection and privacy, and assured that no stone will be left unturned in ensuring the safety and security of the data of all enrollees.

“Top-level security is in place to protect the NIN and other personal data of every citizen and legal resident.

“NIMC reaffirms its unwavering dedication to safeguarding, securing, and responsibly managing the data entrusted to us. The Commission understands the critical importance of maintaining public trust and confidence in our operations, and we will continue to uphold the highest standards of integrity and accountability,” she stated.