Amid data-handling concerns raised following the pandemic, Nigeria’s National Information Technology Development Agency (NITDA) has directed public institutions handling public data to secure them in digital databases.
This guideline is expected to be implemented within 60 days of issuance.
Additionally, probably in a bid to allay cybersecurity fears and scepticism, NITDA mandated that the process should be done in adherence to the highest level of information security, ensuring confidentiality, integrity, and resilience within the institution’s control.
In a press statement, the agency’s motive appears to be in adherence to global data regulatory models since the data are of public importance.
Due to foreseen collaborations with private institutions that may arise from an intervention necessary for citizens’ benefits — a case of contact tracing for coronavirus patients — the guideline provides a framework to retain data security despite involvement of third parties.
According to the statement, “the COVID-19 pandemic, for example, has brought up the need for more personal data use to limit the spread of the virus. While we recognise the existence of constitutional limitations on privacy rights in the interest of public health and safety, yet such limitations must be based on defined frameworks.”
And in the case of a violation, it added that the agency would “invoke the punitive sanctions provided in the NITDA Act 2007 and NDPR in the event of breach or abuse of personal data of Nigerians.”
A probable question, therefore, would be how feasible it is to achieve such within the timeline given; a scepticism that stems from how relatively unsuccessfully the nation has handled plans of keeping a central database in the past.
The lack of a strong data culture is not only a Nigerian problem. An African Governance Report (PDF) in 2019 revealed that the capacity for statistical data is still a challenge in Africa. This is mainly because the process seems cumbersome and costly.
The National Identity Management Commission (NIMC), for instance, which embarked on a national registration process in 2012, is yet to cover 50% of Nigerians both at home and in the diaspora. At a time when registration became arduous and the commission stopped giving out National Identification cards to registered individuals, the blame was put on cost.
However, research and data gathering is becoming less burdensome in some industries since private research establishments have begun joining efforts.
This goes without saying that digitising data and making it accessible — open data — has its downsides if not properly secured. The current age of cloud computing makes it possible for sensitive data to be duplicated, shared, and commercialised, without the knowledge of the original owner of the data.
But putting aside the worry of a possible violation of privacy rights, the larger picture, for agencies like NITDA, is to foster the use of the data for public good.
If anything, while the nation works towards achieving a mainstream digitised database, it should also ensure that the different subsidiaries in charge of data protection within their sectors act competent for the sake of national security.
Adding to the challenge of acquiring data and keeping them safe is the herculean process of creating a database from existing data already kept in long piles of hard cover documents, and how long it would take to compute them in a digital system.
The National Bureau of Statistics (NBS) in a projected reform admitted to most data being organised in the traditional way using a flat filing system like creating tables from surveys and administrative records for official publications.
While the NBS reform claimed that there are plans in place to deploy ICT-based systems — the first of which will be “the development of a Time-Series Socio-Economics Database of macro-level data” — initiating it on a wide scale may have taken longer than planned.
For a reform that has been in the works for more than a decade, achieving it in 60 days appears quite ambitious. And if this holds true for most public institutions in the country, it remains to be seen how this task will be accomplished.