TheCable

On Friday, the Lagos State Internal Revenue Service (LIRS), published the names, residential addresses, phone numbers, e-mail addresses and private data of taxpayers in the state.

TheCable accessed the website, where the private data of any tax-paying individuals and companies in the state could be seen.

This is against the Nigeria Data Protection Regulation (NDPR) 2019, which stipulates that such information be kept safely by the collating agencies.

Consequently, the National Information Technology Development Agency (NITDA) has kicked against the move by the state tax agency.

The Portal

In a statement seen by TheCable, NITDA said “it was reliably informed and duly ascertained that the Lagos State Internal Revenue Service (LIRS) published a web portal – https://lagos.qpay.ng/TaxPayer – where personal information of tax payers of Lagos State was gleaned by the general public in breach of the Nigeria Data Protection Regulation (NDPR), 2019”.

‘LIRS: EXPOSING PRIVATE DATA WAS A GLITCH’

In the statement signed by Kashifu Abdullahi, NITDA director general/CEO, the agency said the data leak by LIRS was a glitch from the consultant handling the portal.

“We have also been informed that the LIRS has indicated that public access to the portal was a glitch from a consultant of the Service and that the portal has been duly disabled,” NITDA said.

“We commend LIRS for the swift remedial action in disabling the portal and pulling the website away from the public domain. We, however, warn that glitches of this kind do not insulate LIRS from responsibility or culpability from whatever actions, civil or criminal, that may arise from such glitch, as personal and confidential information of data subjects were made available to the public illegally.

“We stress that such glitches are in breach of the NDPR and invariably the National Information Technology Development Agency Act 2007.

“The Agency will further investigate this breach and the circumstances surrounding it with the aim of assessing the impact of the breach as well as determine responsibility and culpability of data controllers or processors connected to the breach and prevent future occurrence.

“We also advise the public to be vigilant and to report immediately to NITDA or other law enforcement agencies if they notice that the information of any data subject on the LIRS database is further disclosed or used in any manner in violation of the NDPR. We enjoin all parties to cooperate with NITDA as we seek to protect the personal and confidential information of Nigerian Citizens from misuse and abuse.”

NITDA is a federal government agency established in April 2001 under the supervision of the federal ministry of communications and the digital economy. It coordinates general IT development and regulation in the country.