Nigeria Deserves Data Protection Agency
By Zaid O Olanrewaju
It is no longer news that data is the new oil. The greatest resource for mankind in the future remains data. Every process involves data while all businesses also hold data. Therefore there is a need to regulate compliance in the handling, transfer, manipulation and storage of data.
The Cambridge analytical revelations involving the harvest of about 80m users data via Facebook API has reinstated the need for proper monitoring and control of personal data. Nigeria being a pivotal nation featured prominently in this saga and which was a subject of UK parliamentary debate.
The recent saga around the recall of a senator with allegations and counter allegations on the source of signature on the list falls under the data management issues. It is not a new scenario that Nigerian telecom users get inundated with numerous marketing adverts both relevant and irrelevant. Nigerians receive numerous scam calls and spam messages which makes one imagine where the perpetrators could have accessed the mobile numbers.
In line with global practice, Nigeria needs to establish a data protection agency or the Office of Information Commissioner. This organisation will be dedicated to the management of the most vital Human Resource (Data).
As we all know, man is now in a digital age dominated by data and artificial intelligence. It makes no sense to turn the Nigerian data space into another unregulated sector.
Every major nation in the world that aspires to be relevant is very proactive with data management. In the European Union, data is regarded as a scared human right which is private and protected. The EU data Protection directive legitimates all organisations handling data to comply with the EU GDPR.
In the US there are two federal Laws which protect against unfair and deceptive practices and children data is protected despite a lax data culture. Each business sector and state also have fragmented approaches to data management. As of now, the United States does not have any unified, formal legislation at the federal level concerning this issue, but does guarantee the privacy and protection of data through the United States Privacy Act, the Safe Harbor Act and the Health Insurance Portability and Accountability Act.
In the United Kingdom, there is Data Protection Act 1998. This is a United Kingdom Act of Parliament intended to keep personal data stored on computers or in an organised paper filing system. It also follows the EU Data Protection Directive 1995 for protection, processing and movement of data. Ghana, a member of ECOWAS handles the right to privacy and data protection through its Data Protection Commission established in 2012.
The onus is on the Computer Society of Nigeria, NITDA , Ministry of Science and Technology, Ministry of Communication, other relevant governmental bodies and organisations that are heavy data handlers in the private sector to partner with the National Assembly (Senate and House of Representatives) in formulating a National data policy as existing structures are not adequate for the demands.
As a nation, we are continuously bombarded with requests of public office holders’ educational history, health status, financial reports among others. Most times data handlers – organisations handling the sensitive information are always in limbo and under intense pressure on what are the right course of action, a regulated data sector will make their job easier, while the citizens will know who to address when in need of information or when a data breach occurs.
I hope that these changes will improve data management practises thus the general perception of businesses will display an increased level of commitment to the protection of the personal data of consumers that are collected. In time, it is expected to see less misuse of data by unprincipled marketers while erring organisations will be held accountable.
Zaid O Olanrewaju is a scholar on Security and ICT
Banstead , Surrey , United Kingdom