In the digital age data is referred to as the “oil of digital era”, data is foundational to the success of the process as it provides several opportunities for witty decision making. This is evident in the fact that the most valuable companies are those that deal with data e.g., Google and Facebook.
Data privacy, also called information privacy, is the aspect of information security that deals with the ability of an organization or individual to determine the data in a computer system that must be kept private without external parties gaining unauthorised access to it. Everyone expects their personal information to remain confidential. This includes anything that can identify them—name, work and home address, family information, employment, financial details or more sensitive information.
There is need to raise awareness amongst organisations to protect their data and so January 28th is recognised as the International Privacy day. It aims at raising awareness, promoting privacy and data protection best practices at national, corporate and personal levels.
It should however be noted that the term ‘Data Privacy’ does not only refer to the use of technology. Instead, it encompasses the application of administrative, technical or physical measures to guard against unauthorised access to any such data listed above. It fundamentally gives an individual the right to know what information about them is being held; and then provide a framework to ensure that personal information is handled properly thus safeguarding the individual’s right to privacy.
Section 37 of the Nigerian Constitution (1999) which provides that “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”; everyday, agencies and organizations in Nigeria at some point collect information from customers, key organizations like Financial institutions, Nigerian Communications Commission (NCC), Nigeria Immigration service, National Identity Management Commission (NIMC) and the Independent National Electoral Commission (INEC), just to mention a few, collects and manage the information of millions of Nigerian. The question is, are there laws in place to ensure Data privacy?
The National Information Technology Development Agency (NITDA) is the national authority that is responsible for planning, developing, and promoting the use of information technology in Nigeria. NITDA, in performing this duty, issues guidelines which prescribe the minimum data protection requirements for the collection, storage, processing, management, operation, and technical controls for information. The Guidelines is currently the only set of regulations that contains specific and detailed provisions on the protection, storage, transfer or treatment of personal data in Nigeria.
Despite security fears password hygiene remains poor, a large fraction of the population uses seven or fewer passwords across all of their online accounts. There have been growing concerns when it comes to data privacy, consumers bothered about security and privacy with Internet of Things (IoT) devices, a substantial number don’t trust brands to handle their personal information appropriately, a number believe that the responsibility for protecting their data lies with the organizations, while a few believe brands should be responsible and some believe government should have that role.
The Nigerian government, having recognized the importance of Data Privacy have, (through the overseeing agency) been making efforts to promulgate laws however, individually we all have major roles to ensuring data privacy. When it comes to the global attitudes on the usages of personal data, consumers draw the line in dramatically separate places.
The sale of data to third-parties in exchange for the speed, convenience, product range, home delivery and price comparison (offered by online shopping offers) is still very uncomfortable for many. Unwanted marketing was cited as consumers’ top concern about businesses using their personal data, followed by sale of personal information to third-parties and organisations housing them in unsecure systems. Other areas of concern are customers uncomfortable with the use of personal information by smart phones and tablet applications. Invariably, we might as will conclude that a majority of consumer value privacy over convenience.
With the right Government policies in place backed by stiffer sanctions on defaulters, organizations will pay closer attention to the privacy of customer data, infrastructure that house them and the people who manage these data. Individuals can be more careful about the security of devices and apps before they connect, be conscious about changing default passwords and understanding about the risks of data privacy, as they play a critical role in the privacy of their own data.
Ethics of Data protection
Countries that have proposed the data protection law seek to guide companies handling personal data under these codes of ethics to ensure that information is always:
- Used fairly and lawfully
- Obtained only for one or more specified and lawful purposes
- Used in a way that is adequate, relevant and not excessive in relation to the purpose for which they are processed
- Accurate and where necessary, kept up to date
- Kept for no longer than is necessary for that purpose
- Handled according to people’s data protection rights
- Kept safe and secure against unauthorised or unlawful processing of personal data
- Not transferred outside of the country without adequate protection
Dangers of lack of Data Protection Laws
Countries that have not payed attention to making Data Privacy laws have exposed the data of the citizens to foreign countries. An example includes issues of national security where data is processed by third parties when proper accountability checks cannot be verified because there are no standard guidelines. Consider a bizarre case of such parties selling national data to black marketers that could be used for cyberterrorism acts poses a plausible risk.
The way forward for Nigeria
Considering the rapid growth and evolution within the Nigeria ICT environment, it is imperative that the National Assembly institutes a robust Data Protection legislation that is all encompassing. This will not only foster investors’ confidence but also protect the very sovereignty of our country. It is my belief that this will prompt stakeholders comprising policy makers, legislators and industry experts for “A Call to Action”.