Expressverify.com’s unauthorized NIN verification incident has prompted the Nigerian Data Protection Commission (NDPC) to intensify its scrutiny of the licensees. An investigation by NDPC uncovered that a third-party initially authorized to provide verification services allowed expressverify.com to utilize its NIN verification credentials for verification purposes.
NDPC disclosed that it is currently probing the circumstances surrounding this authorization. As a response to the incident, the National Identity Management Commission (NIMC) has enforced restrictions on access to its database following established remediation procedures.
Although the blanket restriction impacted legitimate and crucial verification requests, a limited access has been reinstated for select essential service providers like those in education and security sectors after a thorough evaluation.
NDPC stated that the current investigation, being conducted by relevant agencies, aims to determine how expressverify.com acquired the credentials of legitimate third parties and ascertain the responsibility of involved individuals according to the prevailing laws.
Going forward, NDPC emphasized that all data processing activities by licensees will be closely examined, and only those demonstrating credible evidence of regulatory compliance will be authorized to conduct NIN verification.
“Additionally, a series of comprehensive training sessions will be organized to ensure that personnel and licensees are well-informed about the obligations and standards mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy, and other relevant regulatory guidelines,” stated Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at NDPC.
NDPC also urged the public to recognize the National Identification Number (NIN) as a fundamental data for sustainable development.