These websites expose private CAC details of company directors, shareholders

October 23, 2019 · 2 min read
No Image

Confidential information used for company incorporation with Nigeria’s Corporate Affairs Commission (CAC) seems to have found its way to the public domain.

The public search database controlled by CAC already exists, but it only includes information such as a company’s RC number, name, address, and date of incorporation.

A screenshot of the search for Dangote’s incorporation on CAC

A couple of seemingly third-party website, on the other hand, include information on the directors and shareholders of companies, as well as their phone numbers and email addresses when they can get them.

A corresponding search for Dangote Cement’s incorporation on, one of the websites in question

The websites in question include, and However, is no longer reachable.

Violation of the CAC Privacy Policy

According to a data privacy professional we reached out to, the websites contain personal information that is exclusively disclosed to the CAC.

Since the information gotten is usually disclosed to the CAC in the course of incorporating business entities in Nigeria, our data privacy professional highlighted various issues present and the privacy policy on the CAC website.

Clause 3.1 of the policy states that:

“Personal information submitted to us through our portal will be used for the purposes specified in this policy or on the relevant pages of the portal.”

The above statement, in addition to Clause 3.3 of the policy, promises not to supply the information provided to third parties for direct marketing.

“We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.”

Clause 4.5  states that the CAC “…will not provide your personal information to third parties.”

The CAC’s stance on third parties.

According to the data privacy professional, this means the third parties may have unfettered access to more information submitted at the point of incorporation, which could be used for malicious purposes — a clear violation of the CAC Privacy Policy.

Further research reveals that these websites have little to no policy on data privacy to protect the data of companies listed. Just one — NG Corporates — has a brief privacy policy, which protects the visitors to the site, but not the companies or persons listed.

These websites claim to get their information from public resources and, in the case of NG-Check, government data.

Concerned stakeholders are currently taking necessary steps to bring this to the attention of the CAC and the National Information Technology Development Agency (NITDA). At this time it is unclear what part the CAC plays in this.

Udoka Chiefe

Udoka Chiefe


Writer | Learner| Technologist Interested in technology, law and new discoveries.

Latest Stories


Techpoint Logo Footer

43b, Emina Cres, Allen, Ikeja.

Techpoint instagramTechpoint twitterTechpoint facebookTechpoint youtubeTechpoint linkedin

© 2022 Techpremier Media Limited. All rights reserved