Developments such as the required sim card and BVN registrations, controversies surrounding the regulation of internet access etc. and the activities of the Department of Security Services and the Economic and Financial Crimes Commission have made a lot of people uneasy about the privacy of their communications and security of data they have provided. On 13th December 2016, Sterling Partnership alongside Microsoft Nigeria and Lexavier Partners held a workshop on cloud technologies at the Eko Hotel and Suites. At this forum, participants posed numerous questions indicating anxiety about the safety of their communications and private data.

As a fallout of deliberations at the workshop, we deemed it fit to highlight in this publication the Nigerian legal regime for security of private data and communications. We do hope you have a good read and convey our best wishes for a very merry Christmas and a prosperous 2017!

Esther Onoji


Personal information or personally identifiable data is a subject that people have become aware of the need to protect. Nigerian law guarantees the protection of personal information supplied to various databases such as those held by telecommunications and internet service providers, hospitals and hotels etc. and also private communications by text, telephone etc. We have however confined our discussions in the publication to the privacy of telephone communications and data collected by the telecommunications/internet service providers.


Section 37 of the Constitution of Nigeria guarantees the right to “the privacy of citizens” which essentially implies privacy in the broad sense and not just privacy of homes, correspondence, telephone conversations and telegraphic communications that follow. This overarching rule on privacy is important because without it, face to face conversations outside homes would not be protected. Flowing therefore from the Constitutional right to privacy, certain information gathered from Nigerians to form various databases, particularly in the telecommunications industry are protected.

The Nigerian Communications Commission (NCC)
The Nigerian Communications Commission (NCC) is empowered to call up data/information from persons subject to it i.e. telecommunications and internet service providers. Indeed, the NCC exercising monitoring and reporting powers can monitor and report “industry statistics generally including but not limited to service provisioning, traffic patterns, industry operators, etc.” which will necessarily involve also consumer data/information.

The NCC is required to keep several registers, some of those consisting of consumer data and being public records, persons can apply for copies upon payment of fees. Significantly, the NCC is obliged to exclude data/information in the public interest or for safety reasons.  This, of course, incorporates consideration for the privacy of citizens. The NCC Act makes provision for consumer protection and consumers can report misuse of their information/data by their service providers to the NCC for remedy.


The NCC is empowered to make rules, regulations and guidelines which extends also to data/consumer protection rules. Pursuant to this power, the NCC issued the General Consumer Code of Practice (the Code) under which service providers are required to model their consumer codes. The Code generally prohibits unsolicited telemarketing except under certain conditions designed to protect consumer interests. Notably, the Code has extensive provision for the protection of consumers’ information/data. Key provisions of the code include:

  • Data collected by a Licensee on individual consumers should be lawfully retrieved and not transferred to any party except as permitted by any terms and conditions agreed with the Consumer.
  • Licensees are required to comply with generally accepted fair information principles such as providing notice regarding the use or disclosure of individual Consumers information, the security measures taken to protect the information and the enforcement and redress mechanisms that are in place to remedy any failure to observe these measures.
  • The requirement above applies to individual Consumer information retained by the Licensee in any recorded form notwithstanding the form in which the information was provided by the consumer (i.e. verbally or in written form).
  • Consumers are empowered by virtue of the Code to complain to their service providers on services rendered and information pertaining to their compliant must be retained for 12 months after resolution of the complaint.
  • The service provider is required to treat information regarding the complaint as confidential. 


The NCC has also provided the Registration of Telephone Subscribers Regulations 2011 under which there is a central database of all subscribers housed by the NCC. The NCC is required to manage the database although it is treated as a property of the Federal Government of Nigeria. By virtue of the Regulation, service providers have right to use their customers’ information in accordance with law. Security agencies have a right to the information subject to a request made to the NCC from an officer of Assistant Commissioner of Police rank or equivalent status in other security agencies. The Regulation contains several provisions protecting consumer information that border on confidentiality, access to the information by the consumer and use of the information. To ensure compliance with the provisions of the Regulation, entities that have direct access to subscribers information will be liable to a fine of N200, 000 for every subscriber information retained, duplicated or treated in a manner that contradicts the provision of the Regulation. A fine of N1, 000, 000 is prescribed for every subscriber information used in any business, commercial or other transactions.


The NCC’s Mobile Number Portability Regulations 2014 lays down the basic process framework for implementation of mobile number portability in the country.

This Regulation protects the confidentiality of the subscriber information during porting, and ensures the data is used solely for the purpose of porting the mobile number.


The Cybercrimes (Prohibition, Prevention) Act 2015 essentially prohibits unlawful access to data and communications which attract prison sentences of varying years. For instance, the Act provides that a person found guilty of intercepting electronic messages, emails relating to electronic money transfers is liable to imprisonment for 7 years in the first instance and upon second conviction to 14 years imprisonment. 


Telecommunication and the internet have necessitated massive data collections which pose challenges to the privacy of persons. Nigerian law, particularly through the intervention of the NCC has extensive rules to prevent misuse of private information collected and secure the communication of Nigerians. These have been succinctly discussed above. It should also be noted that since the ultimate protection is guaranteed by the Constitution, anyone who feels his/her right to privacy is being infringed or about to be infringed by unauthorized access to his/her private communications or data, can access the High Court either to stop an impending invasion of privacy or to secure compensation for violation of privacy.  


As the Christmas celebration draws close, the Lagos state government yesterday said it will commence the sales of the much awaited Lake rice (the acronym of both Lagos and Kebbi States joint product) today. The sale, earlier scheduled for December 15 at a cost of N13, 000 per 50 kg has been re-scheduled to commence today at some specific locations across the state. It was however gathered the late arrival of the rice was due to unexpected delay n production. However, a state official who preferred anonymity told Vanguard that the price of the 50 kilogram bag of the rice has been reduced to N12, 000 against the earlier speculated N13, 000


When the Cyber-Crime Prohibition Act 2015 becomes fully operational in 2017, it will enable government fight fraudsters and cyber criminals in more aggressive manner, Chairman, Nigeria Electronic Fraud Forum (NeFF), Dipo Fatokun, has said.The Act is an elaborate policy, which protects Nigerians from scammers who use the Internet to defraud unsuspecting individual and organisations. It also provides for the prohibition, prevention, detection, response, investigation and prosecution of cybercrimes; and for other related matters. NeFF was set up by the Central Bank of Nigeria (CBN), the lender of last resort, to enable information sharing and knowledge exchange among key stakeholders