The National Identification and Registration Authority (NIRA) has moved to reassure Ugandans that the National Identification Register (NIR) remains secure, following allegations of staff misconduct in sharing citizens’ personal data as highlighted in a recent BBC investigation.
In a statement, the Authority emphasized its commitment to safeguarding the security, privacy, and integrity of the Register, which plays a central role in service delivery, financial inclusion, and national security.
“NIRA wishes to reassure all Ugandans that their personal and biometric data remains confidential, secure, and intact,” the statement read. It added that strong technical, legal, and institutional safeguards are in place, and continuous improvements are being made to align with global best practices.
Addressing the BBC exposé, NIRA said the broadcaster “is yet to submit further evidence on this matter in keeping with the Data Protection Regulations.”
However, the Authority confirmed that it has already initiated an investigation in collaboration with the Personal Data Protection Office (PDPO) and the Uganda Police Force.
“Once the investigations are concluded, any person found culpable will face both disciplinary action and criminal prosecution as provided by the law and the public will be informed accordingly,” NIRA stated.
The Authority also warned its employees against unlawful data disclosures.
“Employees who disclose personal data unlawfully will be punished,” NIRA cautioned, underscoring a policy of zero tolerance for misconduct.
To back its reassurance, NIRA highlighted a range of legal, technical, and institutional safeguards.
Under the Registration of Persons Act (ROPA) and the Data Protection and Privacy Act, it is required to observe strict information security practices, limit the use of data to lawful purposes such as ID issuance and national security, and enforce severe penalties for breaches.
Technically, NIRA said it employs data encryption, role-based access controls, secure government-run data centers, and intrusion detection systems to prevent cyber threats.
Institutionally, it has appointed a Data Protection Officer, enforces staff confidentiality agreements, and subjects all data access to audits and independent oversight by the PDPO.
“NIRA therefore informs the public of its commitment in preserving the integrity of the National Identification Register and that the citizens’ personal and biometric information is secure,” the Authority concluded.
The National Identification and Registration Authority (NIRA) has moved to reassure Ugandans that the National Identification Register (NIR) remains secure, following allegations of staff misconduct in sharing citizens’ personal data as highlighted in a recent BBC investigation.
In a statement, the Authority emphasized its commitment to safeguarding the security, privacy, and integrity of the Register, which plays a central role in service delivery, financial inclusion, and national security.
“NIRA wishes to reassure all Ugandans that their personal and biometric data remains confidential, secure, and intact,” the statement read. It added that strong technical, legal, and institutional safeguards are in place, and continuous improvements are being made to align with global best practices.
Addressing the BBC exposé, NIRA said the broadcaster “is yet to submit further evidence on this matter in keeping with the Data Protection Regulations.”
However, the Authority confirmed that it has already initiated an investigation in collaboration with the Personal Data Protection Office (PDPO) and the Uganda Police Force.
“Once the investigations are concluded, any person found culpable will face both disciplinary action and criminal prosecution as provided by the law and the public will be informed accordingly,” NIRA stated.
The Authority also warned its employees against unlawful data disclosures.
“Employees who disclose personal data unlawfully will be punished,” NIRA cautioned, underscoring a policy of zero tolerance for misconduct.
To back its reassurance, NIRA highlighted a range of legal, technical, and institutional safeguards.
Under the Registration of Persons Act (ROPA) and the Data Protection and Privacy Act, it is required to observe strict information security practices, limit the use of data to lawful purposes such as ID issuance and national security, and enforce severe penalties for breaches.
Technically, NIRA said it employs data encryption, role-based access controls, secure government-run data centers, and intrusion detection systems to prevent cyber threats.
Institutionally, it has appointed a Data Protection Officer, enforces staff confidentiality agreements, and subjects all data access to audits and independent oversight by the PDPO.
“NIRA therefore informs the public of its commitment in preserving the integrity of the National Identification Register and that the citizens’ personal and biometric information is secure,” the Authority concluded.
