An investigation has been launched into the creation of a taxpayer’s portal by the Lagos State Internal Revenue Service (LIRS). The action has been ruled as a breach of Nigeria’s privacy law.
The probe is being carried out by the National Information Technology Development Agency (NITDA). According to the agency, the action of the Lagos tax administrator contravenes provisions of the Nigeria Data Protection Regulation, 2019.
Nairametrics had reported that the Lagos State government created a portal for taxpayers; individuals and corporate organisations. The tax portal is an initiative that ensures ease of tax administration in Lagos State and eliminates cumbersome procedures, allowing taxpayers to monitor and access their tax information. To access your tax details as a registered taxpayer, what you need is your taxpayer’s name.
A costly mistake: Director-General, NITDA, Kashifu Abdullahi, explained that to access personal information of taxpayers was a glitch from a consultant of the service. He said despite the exposure of data being a third-party mistake, LIRS wouldn’t be protected from “responsibility or culpability from whatever actions, civil or criminal, that may arise from such glitch.
“We stress that such glitches are in breach of the NDPR and invariably the National Information Technology Development Agency Act, 2007.”
He added that, “The agency will further investigate this breach and the circumstances surrounding it with the aim of assessing the impact of the breach as well as determine responsibility and culpability of data controllers or processors connected to the breach and prevent future occurrence.
“We also advise the public to be vigilant and to report immediately to NITDA or other law enforcement agencies if they notice that the information of any data subject on the LIRS database is further disclosed or used in any manner in violation of the NDPR.”
The problem with the portal: While the initiative will ease procedure and help taxpayers monitor their tax activities, it could grant strangers access to the personal information of individuals and corporate organisations without approval. All that is needed is the individual or company name, and the taxpayer’s ID, email, phone and address will be made available.