An internet security expert and head of trust and safety at Cloudflare, Justin Paine, on October 30, said he had discovered a serious data breach that had rendered some Arik Air passengers’ data stored on Amazon S3 Bucket vulnerable and unprotected. This data included information such as their names, email addresses, phone numbers, travel schedule, and even card details.
Arik Air – "West-Africa's leading airline" – grounded by an Amazon S3 leakhttps://t.co/R04FykY20m
— Justin (@xxdesmus) October 30, 2018
Paradigm Initiative is however compelled by this event to, once again, call upon the Nigerian government, particularly the legislature, to enact a data protection law for its citizens and residents in line with international best practices.
Section 37 of the Constitution of the Federal Republic of Nigeria expressly states that “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.” Data protection is, therefore, an inherent responsibility where privacy has been granted.
Proper care must be taken to protect every information submitted to data custodians and processors, but much more than that, the Nigerian government must clearly and expressly mandate every data holder or processor to secure data in their care. This must be done by the enactment of a law in which all necessary legal and technical standards are laid out.
As it stands, Nigerians are extremely vulnerable and exposed by the absence of the country’s firm stance against the poor protection of data. And as data breaches occur in the country, there is no legally stipulated process, redress or resort for the aggrieved, no laws detailing data protection responsibilities on the data holders, no real laws to guide the judiciary.
Although there are some data protection Bills at the National Assembly namely; Data Protection Bill (HB02), Protection of Personal Information Bill (SB 310), and the Digital Rights and Freedom Bill (HB 490) which is closest to becoming a law. The Bill which has been passed by both houses of the National Assembly contains provisions for data protection. These provisions align with internationally recognized principles of data protection and are clear and unambiguous.
The Digital Rights and Freedom Bill (HB 490) has however not been transmitted to the office of the President of the Federal Republic of Nigeria for his assent. It has been over 7 months since the National Assembly passed the Bill. We call on the National Assembly to immediately transmit this Bill to President Muhammadu Buhari.
Paradigm Initiative also calls on the federal government to ensure that the alleged data leak is not swept away but rather thoroughly investigated. Nigeria cannot afford to continue to miss important learning opportunities and wakeup calls such as this one. Appropriate actions have to be taken, and now.