“The end game is you change that law to making that law better, whichever law you’re talking about.” – Mike Lowry
To say that the internet is the greatest single convergence of the world would be no less than absolutely true. The whole world is on the internet or at least most of it. With such a huge level of international heterogeneity, a unilateral regulation coordinating the activities of the Internet is nearly impossible.
There is a clear lack of consistent and widespread regulation of Internet and communication technology particularly around data privacy and security. The effects of this on the state of the Internet is crucial. Many modern-day business services, such as businesses floated on online market space are global in nature, and it can be difficult to determine the applicable jurisdiction. This makes IT regulations that bit imperative.
Information Technology regulations comprise directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks.
IT regulations help shape and direct the activities of users toward the acceptable standards of online behavior and activities. IT regulations refer to legislation focused on acceptable behavioral use of technology including computer hardware and software, the internet, and networks. It is also referred to as cybersecurity regulations. IT regulations are often described as “paper laws” for a “paperless environment.”
These set of regulations specifically address the issues around intellectual property in computing and online, contract law, privacy, freedom of expression, and jurisdiction. There are rules on the uses to which computers and computer networks may be put, in particular there are rules on unauthorized access, data privacy and spamming.
There are also limits on the use of encryption and of equipment which may be used to defeat copy protection schemes. In various countries, areas of the computing and communication industries are regulated – often strictly – by government bodies.
IT regulations in Nigeria are the responsibility of the National Information Technology Development Agency (NITDA). In 2018, NITDA signed a Memorandum of Understanding with the University of Lagos to institute the Masters of Laws in Information and Communication Technology (LLM). The MoU included an agreement that NITDA will provide financial and technical fulcrum upon which UNILAG would enhance research at master’s degree level in law and produce post-graduates with specialty in ICT laws putting into consideration the increasing degree of the relevance of technology in national and global spheres.
The Minister of Communication and Digital Economy, Dr Isa Ali Pantami, then DG NITDA, captured the essence and profundity of the event, he said, “I consider the MoU as something very important as it relates to ICT law. We have serious challenge in the area of cyberlaw or ICT law because as we all know NITDA was established in 2011 to implement a national policy of year 2000. Six years later the NITDA Act was passed.
Therefore, part of our strategy to develop IT is award of scholarship to brilliant Nigerians. We have been implementing this policy and where the challenge lies in Information Technology regulations. We can only regulate with ICT lawyers; if not, you will find it difficult to enforce or implement regulatory rights. Through this programme we want to have sufficient number of ICT lawyers to make sure the sector is protected.”
In 2019, NITDA introduced five (5) new regulatory guidelines for the IT industry in Nigeria. The issuance of the regulation was in pursuance to Section 6 (c) of the NITDA Act 2007. The first regulation issued was the Rulemaking Process of NITDA, through this instrument a clear process for rule-making for issuance of Frameworks, Standards and Guidelines was established under NITDA.
By the guideline, Rulemaking Process became an integral part of operations of the Agency. The second was the Nigerian Data Protection Regulation of NITDA, the regulation empowers NITDA to issue regulations and monitor the use of electronic data interchange and other forms of electronic communications on all matters pertaining to government, commerce, and the private and public sectors.
This guideline provides the basis for which personal data of Nigerian citizens will be protected and managed. Third amongst the regulations was the guidelines for clearance of Information Technology Projects, which include MDAs, Federal Institutions and Federal Government Owned Companies. Section 6 paragraphs (a) (b) (c) of the NITDA Act 2007 provide the basis for this guideline.
The guideline sets the process to guide federal institutions in procuring Information Technology goods and guidelines. The guideline identifies IT procurements by the Federal Government as national investments and therefore stipulates the process that must be followed to prevent waste, engender accountability and to ensure these investments are used for the development of IT in Nigeria. Among this guideline’s core objective is to ensure non-duplication of IT projects and use local content where available. The guideline has facilitated the saving of over 13 billion to the Federal Government.
The fourth is the Framework and Guidelines for Public Internet Access (PIA), it provides a framework and guidelines for providers of public internet access services to maintain appropriate systems and policies to protect Nigerians who use these services. This regulation addresses the consequence of increasing availability of free internet access across the country and the unscrupulous elements that may take advantage of these systems to compromise the cybersecurity of Nigerians or the possibility of misuse of citizens’ data.
Section 6 (a, b, i, m) of NITDA Act empowers the Agency to issue guidelines to ensure appropriate systems and practices are in place for use of Information Technology as a resource. The fifth and last is the Framework and Guidelines for the use of social media platforms in public institutions.
Through this regulation NITDA will continue to monitor the use of social media for Federal Public Institutions to ensure consistency and professional use of these platforms. The regulation recognizes how lines can increasingly become blurred between representing the ideas of Government and personal ideas through social media platforms. Absence of clear policies in certain cases by Federal Institutions can cause important information and records to be lost when handlers of these platforms either move from their roles or leave the organization.
In the one-year period between August 2019 and August 2020, NITDA has created 272 user accounts to enable MDAs submit their projects via the IT projects clearance portal. To create a proper feedback mechanism for quality assurance, an interactive platform for MDAs and IT service providers to enhance quality of service delivery in government institutions was developed.
NITDA has further conducted stakeholders’ engagement on the Service Level Agreement (SLA) framework that will guide MDAs in drafting SLA agreements with service providers. NITDA has also cleared 154 unique IT projects of 73 MDAs with a total amount of N1,186,525,676,649.05. Put together, the initiative has saved the Federal Government Nigeria over N17 billion.
The Agency has licensed 70 Data Protection Compliance organizations (DPCOs) and inaugurated the Data Breach Investigation Team (DBIT) in partnership with Nigeria Police Force for enforcement. The partnership with the police is strategic in order to curb cybercrimes through the deployment of technology and achieve the sanitization of Nigeria’s cyber space. The Data protection sector alone is now valued at up to N2,295,240,000.00.
As the part of the regulation of the IT industry, NITDA has issued 230 compliance and enforcement notices: 8 data breach cases in investigation; imposed the first Nigeria Data Breach fine to one organization. This goes to show the value to which protection of personal data of Nigerians means to the Agency and the novel ways it has established to ensure protection of such data. Already the NDPR implementation framework is underway and a draft has been prepared and put in public domain.
The Agency has issued Guidelines for Management of Personal Data by Public Institutions. It is important that public institutions have the knowledge and are aware of the best practices for personal data management and the conditions that constitute a breach of such.
The Agency further facilitated 93 NDPR events with 5,496 competences developed. Federal Government earned the sum of N12,650,000 from DPCO licensing and audit report filing. The Agency’s achievements have also been recognized on the African continent. NITDA was appointed vice chair of the African Union Policy and Regulatory Initiative for Digital Africa (PRIDA).
The Internet remains a valuable asset in the digital age but the regulations guiding the use of the Internet ensure the safety of all users and will continue to evolve at a fast-pace. NITDA will continue to develop regulations to ensure the safety of Nigerians on cyberspace. Anytime one is on cyberspace it is important to protect oneself, and it is also important to be verse with the regulations so that one does not, wittingly or unwittingly, become an element that the regulation abhors.