By David Oluranti
This is in continuation of my previous post on the above subject. In this Post, we examine Nigerian legislation that give a semblance of data privacy protection and give a run down of available Nigerian case law dealing with the subject matter in question.
LEGISLATION:
A. The Childs Right Act, No. 26 of 2003 (the Child Rights Act): This law regulates the protection of children i.e. persons under the age of 18 years. The Act limits access to information relating to children in certain circumstances.
Section 8 of the Child Right Act guarantees every child’s entitlement to privacy, family life, home, correspondence, telephone conversation and telegraphic communications, while section 205(2) prohibits the publication of any information that will lead to the identification of a child offender, and requires that the records of child offenders be kept strictly confidential and closed to third parties except in certain limited circumstances.
B. The Freedom of Information Act No. 4 of 2011 (FOI Act): The FOI Act was created to, amongst many other things, make public records and information more freely available and to provide for public access to public records and information however the FOI Act limits the access to information in certain situations. The Act defines personal information as “any official information held about an identifiable person but does not include information that bears on the public duties of public employees and officials”.
Section 14 of the FOI Act, states that a public institution is obliged to deny an application for information that contains personal information unless the individual involved consents to the disclosure, or where such information is publicly available.
Furthermore, Section 16 of the FOI Act provides that a public institution may deny an application for disclosure of information that is subject to various forms of professional privilege conferred by law (such as lawyer-client privilege and journalism confidentiality privilege).
While these provisions of the FOI Act are a welcome development the obvious snag in the data protection provisions of the FOI Act is that it only applies to personal information in the custody of public agencies and institutions in Nigeria. It does not protect personal information in the custody of private organisations, such as telecommunication, banking and insurance companies.
This lacuna challenges the individual in search of all-inclusive data protection legislation, to look elsewhere, including the courts.
CASE LAW:
It is imperative to note that there are little or no precedents in the Nigerian legal system dealing with issues of data privacy and identity theft. While this may appear a plus for the justice system, in truth the situation should be a cause for concern.
However, going by the decision of the Nigerian Court of Appeal in the case of HABIB (NIG) BANK LIMITED v KOYA, it appears that an individual citizen whose data is collected, retained and managed by any public or private institution may bring an action in tort of negligence against such public or private institution if it can be established that:
(a) Upon collation of personal data of individuals, the collating institution or its personnel owes a duty of care to such individual whose personal data is being collated, stored and managed by them;
(b) If the collating institution or its personnel fails to safeguard and protect the personal data of such individuals with the standard of care reasonably required and applied by other collating institutions and their personnel in that business, such that the personal data are compromised for any purpose, which results in calculable damage to the individual whose personal data are compromised; and
(c) The said individual can establish that the loss he/she suffered was as a result of the breach of the duty of care to protect his personal data by the collating Institution.
While this in itself is no legislation, it is important to note that it lays down a judicial precedent for the protection of individual rights to data protection, this is however not enough to ensure adequate protection and regulation of personal information and data privacy.
In the modern world, with all of the social media outlets and technological advancements available, Identity Theft and data fraud is a real threat to any growing economy and population such as Nigeria. It is has thus become imperative that Nigerian lawmakers direct energies towards creating a comprehensive Law which will ensure that citizens feel safe and protected with the access to and usage of the their private information and data.
This is in continuation of my previous post on the above subject. In this Post, we examine Nigerian legislation that give a semblance of data privacy protection and give a run down of available Nigerian case law dealing with the subject matter in question.
LEGISLATION:
A. The Childs Right Act, No. 26 of 2003 (the Child Rights Act): This law regulates the protection of children i.e. persons under the age of 18 years. The Act limits access to information relating to children in certain circumstances.
Section 8 of the Child Right Act guarantees every child’s entitlement to privacy, family life, home, correspondence, telephone conversation and telegraphic communications, while section 205(2) prohibits the publication of any information that will lead to the identification of a child offender, and requires that the records of child offenders be kept strictly confidential and closed to third parties except in certain limited circumstances.
B. The Freedom of Information Act No. 4 of 2011 (FOI Act): The FOI Act was created to, amongst many other things, make public records and information more freely available and to provide for public access to public records and information however the FOI Act limits the access to information in certain situations. The Act defines personal information as “any official information held about an identifiable person but does not include information that bears on the public duties of public employees and officials”.
Section 14 of the FOI Act, states that a public institution is obliged to deny an application for information that contains personal information unless the individual involved consents to the disclosure, or where such information is publicly available.
Furthermore, Section 16 of the FOI Act provides that a public institution may deny an application for disclosure of information that is subject to various forms of professional privilege conferred by law (such as lawyer-client privilege and journalism confidentiality privilege).
While these provisions of the FOI Act are a welcome development the obvious snag in the data protection provisions of the FOI Act is that it only applies to personal information in the custody of public agencies and institutions in Nigeria. It does not protect personal information in the custody of private organisations, such as telecommunication, banking and insurance companies.
This lacuna challenges the individual in search of all-inclusive data protection legislation, to look elsewhere, including the courts.
CASE LAW:
It is imperative to note that there are little or no precedents in the Nigerian legal system dealing with issues of data privacy and identity theft. While this may appear a plus for the justice system, in truth the situation should be a cause for concern.
However, going by the decision of the Nigerian Court of Appeal in the case of HABIB (NIG) BANK LIMITED v KOYA, it appears that an individual citizen whose data is collected, retained and managed by any public or private institution may bring an action in tort of negligence against such public or private institution if it can be established that:
(a) Upon collation of personal data of individuals, the collating institution or its personnel owes a duty of care to such individual whose personal data is being collated, stored and managed by them;
(b) If the collating institution or its personnel fails to safeguard and protect the personal data of such individuals with the standard of care reasonably required and applied by other collating institutions and their personnel in that business, such that the personal data are compromised for any purpose, which results in calculable damage to the individual whose personal data are compromised; and
(c) The said individual can establish that the loss he/she suffered was as a result of the breach of the duty of care to protect his personal data by the collating Institution.
While this in itself is no legislation, it is important to note that it lays down a judicial precedent for the protection of individual rights to data protection, this is however not enough to ensure adequate protection and regulation of personal information and data privacy.
In the modern world, with all of the social media outlets and technological advancements available, Identity Theft and data fraud is a real threat to any growing economy and population such as Nigeria. It is has thus become imperative that Nigerian lawmakers direct energies towards creating a comprehensive Law which will ensure that citizens feel safe and protected with the access to and usage of the their private information and data.
No comments:
Post a Comment