The World Bank has disbursed $45.5 million to the National Identity Management Commission (NIMC) for Nigeria’s Digital Identification for Development (ID4D) project, aimed at expanding the National Identification Number (NIN) enrollment. This funding, provided between December 2021 and April 2024, forms part of a broader $430 million initiative. Despite progress, concerns over data security loom large.
Recent reports indicate breaches in NIN and other government databases, where Nigerian citizens’ data are allegedly available for purchase online. This has sparked worries about the adequacy of data protection measures, especially amidst the ongoing disbursements.
The Nigeria Data Protection Commission (NDPC) has faced criticism for perceived laxity in safeguarding data under its custody. Advocacy groups like Paradigm Initiative have highlighted these vulnerabilities, citing instances where personal data sourced from government databases, including NIN, BVN, and passports, were openly traded online.
In response, the World Bank’s funding was contingent upon Nigeria passing the Data Protection Act, ostensibly ensuring robust data protection standards. However, concerns persist as unauthorized access to sensitive information continues unabated, potentially exposing individuals to security risks such as identity theft and fraud.
Despite assurances from the NIMC that stringent security measures are in place, including adherence to ISO 27001:2013 standards, doubts remain about the effectiveness of these safeguards. Paradigm Initiative’s revelations underscore the urgent need for enhanced regulatory oversight and cybersecurity measures to mitigate risks associated with data breaches.
As stakeholders await official responses and proactive measures from regulatory bodies, the integrity of Nigeria’s digital identity infrastructure remains a critical concern amid the evolving landscape of data security threats.
