Since no one is going to say it, I will.
This BVN registration exercise means that the Central Bank of Nigeria (CBN) has the bio data of every single person with a Nigerian bank account. When the BVNpocalypse struck yesterday, a lot of Nigerians realised just how serious CBN is taking this exercise.
There’s just a few things wrong with this scenario.
High up on the list is what the Paradigm Initiative has been hammering on since the inception of the BVN scheme – suspend the BVN exercise, setup detailed data privacy laws, then maybe proceed with the BVN exercise.
— Paradigm Initiative (@ParadigmHQ) October 30, 2015
They even sent a letter to the CBN, asking for the BVN exercise to be suspended until the data privacy laws are sorted out.
“The Bank Verification Number (BVN) upon perusal seeks to expose confidential information of private citizens and is also riddled with severe implications since there are no legal frameworks in place to safeguard the data collection exercise.” That’s an excerpt from the letter.
There’s no doubt that the BVN is a useful idea. It’s like a social security number, for bank accounts. I get it. I can see how useful it could be. But I also see the problem of putting the cart before the horse. If there’s no law protecting people from having their data a) sold to the highest bidder, b) accessed illegally; then the people become the losers in this exercise.
Our present world includes regular cyber breaches and data theft. The problem with not having adequate data privacy laws are twofold:
a). Who do we hold accountable when there’s a breach? I hate to be the one to say this, but I know it’s just a matter of time before someone looks at that BVN database and sees a juicy prize. I’m pretty sure, if the data privacy laws were thorough enough, we’d see a few things being done differently in the way the data is being captured and the security systems housing this data.
b) Have we asked the right questions? How secure is our data? What kind of system is protecting it from illegal access? What constitutes illegal access to this data? Why can’t there be information sharing across the several agencies? After all, I’ve done National ID card, SIM card registration and now, BVN. And still, I don’t have a say in how my details are used.
Finally, I’m going to let the pessimist in me come out. Look, some people are way ahead of the curve when it comes to hacking and cyberbreaches. They could get into Fort Knox if they wanted. If just one of them gets into that database , well… I’ve seen enough movies to know it usually doesn’t end well.
The major problem still remains, who is CBN accountable to, when it comes to the BVN? Afterall…