E-Government web services and security of Personally Identifiable Information in developing nations a case of some Nigerian embassies

“…Several studies have looked into the privacy and security practices of e-government sites mainly in West Africa with only few studies done in the context of East Africa. A study of privacy practices of e-government websites in Ghana, Nigeria, Sierra Leone, Gambia, and Liberia against ISO 29100 privacy principles and the ECOWAS Regional Data Protection Act revealed the existence of limited controls in protecting the PII of the respective countries' citizens and complying with the above privacy principles/acts [15]. A separate study that examined PII processing by Nigerian consulates in 8 countries revealed the existence of ineffective controls in the protection of PII of Nigerian citizens living abroad [16].…”

“…Mutimukwe et al evaluated compliance of three leading e-government service providers' in Rwanda with international privacy principles and found that the providers partially comply with the principles [17]. However, [15,1] examined limited privacy and security parameters when evaluating compliance while [17] relied on survey and interview data to draw their conclusions. Our approach advances the aforementioned studies by evaluating websites' actual privacy practices using web scraping and data mining techniques.…”

State of Security and Privacy Practices of Top Websites in the East African Community (EAC)

“…Several studies have looked into the privacy and security practices of e-government sites mainly in West Africa with only few studies done in the context of East Africa. A study of privacy practices of e-government websites in Ghana, Nigeria, Sierra Leone, Gambia, and Liberia against ISO 29100 privacy principles and the ECOWAS Regional Data Protection Act revealed the existence of limited controls in protecting the PII of the respective countries' citizens and complying with the above privacy principles/acts [15]. A separate study that examined PII processing by Nigerian consulates in 8 countries revealed the existence of ineffective controls in the protection of PII of Nigerian citizens living abroad [16].…”

“…Mutimukwe et al evaluated compliance of three leading e-government service providers' in Rwanda with international privacy principles and found that the providers partially comply with the principles [17]. However, [15,1] examined limited privacy and security parameters when evaluating compliance while [17] relied on survey and interview data to draw their conclusions. Our approach advances the aforementioned studies by evaluating websites' actual privacy practices using web scraping and data mining techniques.…”

State of Security and Privacy Practices of Top Websites in the East African Community (EAC)

“…A study [5] was carried out recently to reveal how some Nigerian e-government web services process citizens' PII in unsecured web environment without adequate security in place on those web portals or any globally acceptable regulatory framework for online personal data protection and thus exposing the sensitive information to the threat of identity theft. In another related research on balancing security and privacy in e-government services [13], a "trustworthy system" was advocated to complement the multiple technical nuances of security so as to provide privacy, security and trust in e-government web services.…”

“…Although outsourcing generally has some benefits which include: cost efficiency, scalability as well as flexibility, there are a lot of inherent risks associated with outsourcing of citizens' PII data collection leading to dangers of the data being revealed to the service provider or any illegal user thus resulting in unexpected outcomes. Several risks on outsourcing business process operations had also been assessed to include a misuse of trust and security breaches [5] whereby the authors refers to a "misuse of trust" in a data privacy respect arguing that the external service provider needs access to non-encrypted sensitive data from the customers of a bank in order to process the outsourced transaction. Thus the risk is that service provider employees may use this data in an unauthorized manner (e.g.…”

“…To achieve this, they have seized the advantage of technology to capture the PII data of Nigerian citizens in the respective countries through the online registration portal they provide. The exercise according to these embassies is aimed at establishing and effectively monitoring of the number and spread of Nigerian citizens across these countries, in order to assist them in the event of natural or man-made disasters, and also to build enough 'critical mass' to convince the Nigerian Government for the approval of absentee voting in times of election [5]. However, these PII data collection process had been outsourced to external service providers in seven out of the observed nine Nigerian embassies across the world, thus creating the potential risk of identity theft and other cyber threats to the citizens' PII information [5].…”

Privacy, Security and Trust Issues Arising from Outsourcing PII Data Collection in Developing Nations. A Case of Nigeria E-government Services

State of Security and Privacy Practices of Top Websites in the East African Community (EAC)