Lagos Internal Revenue Service (LIRS) has been fined one million naira (N1million) for allegedly breaching the Nigeria Data Protection Regulation (NDPR).
The National Information Technology Development Agency (NITDA) disclosed this in the Agency’s first NDPR Annual Performance Report 2019-2020.
On December 2019, TechEconomy.ng reported that NITDA accused the Lagos State Internal Revenue Service, LIRS, of exposing taxpayers’ identity online.
The Agency said it was reliably informed and duly ascertained LIRS published a web portal – https://lagos.qpay.ng/TaxPayer – where personal information of tax payers of Lagos State was gleaned by the general public in breach of the Nigeria Data Protection Regulation (NDPR), 2019.
Although, the said portal has been disabled, however, NITDA said LIRS cannot be exonerated from the breaches, adding than more wide scale investigations have commenced on the matter.
DRIL file suit against NITDA and LIRS – EIE, PIN call for investigations
Meanwhile, Civil Society Organisations – Enough is Enough Nigeria (EiE) and Paradigm Initiative (PIN) – had expressed reservations over the ability and suitability of NITDA to play the role of a data protection agency in Nigeria.
In a joint statement issued on February 12, 2020, the CSOs said, “One would have thought the agency would work to prove doubters wrong by ensuring that violations against its regulations are duly punished.
“We are mindful that the Digital Rights Lawyers Initiative (DRLI) has filed suit No. FHC/L/CS/56/2020 against both LIRS and NITDA on the data breach seeking orders mandating NITDA to fine LIRS as provided under the NDPR to the tune of 2% of their annual gross revenue.
“We are monitoring this process and we will work with the litigant to ensure it is seen to a reasonable conclusion.
NITDA gives update in new report
In the year under review, NITDA said it served 51 enforcement notices on data controllers who are perceived to have breached the provisions of the NDPR.
“Also, 180 compliance notices were served on Ministries, Departments and Agencies of government, one of which is the Lagos Internal Revenue Service (LIRS) breach.
“The LIRS was found to have exposed the personal data of some taxpayers in the process of harmonising historical tax data. NITDA initiated an investigation on LIRS and its major data processor. A fine of One Million naira (N1,000,000.00) (over $2,500) was imposed on the LIRS”, the NITDA report reads.
TechEconomy.ng gathered that the decision on fine value was reached by NITDA after considering the cooperation and prompt remedial actions taken by the LIRS in the course of the investigation.
“On the other hand, NITDA has commenced investigation into the activities and operations of seven (7) data controllers as part of its enforcement drive.
“The Agency is being mindful of the implications of negative publicity on business, hence refrained from making public statements on breach until the legal and procedural basis has been established”, NITDA said.