“The partitions have ears, and the timber have eyes.” — African Proverb
In an period the place the office is more and more digital and data-driven, the query of how employers acquire, course of, and share worker information is not a matter of operational element; it’s a query of belief, compliance, and technique.
The evolving regulatory setting in Nigeria, coupled with world expectations on information privateness, is forcing organisations to rethink how they deal with worker info. Whereas employers have authentic causes for accumulating information, starting from payroll and efficiency administration to well being and background checks, the rise of latest applied sciences and digital instruments has uncovered gaps in how that info is safeguarded and shared.
“Organisations that present respect for worker privateness ship a message of professionalism, transparency, and moral management. In the long term, this helps with expertise retention, model repute, and company resilience.”
The Nationwide Knowledge Safety Regulation (NDPR), launched in Nigeria in 2019, was a pivotal second. It created obligations for employers to justify information assortment, acquire knowledgeable consent, guarantee accuracy, and put safeguards in place towards unauthorised entry or sharing. However compliance has been uneven, particularly amongst small and mid-sized enterprises that lack structured HR or authorized departments.
Many Nigerian employers nonetheless deal with worker information as a proprietary asset moderately than a protected proper. In some situations, delicate info, equivalent to medical historical past, faith, or next-of-kin contact, is casually saved in unsecured codecs or shared with third events with out due course of.
The danger is just not solely authorized but additionally reputational. A breach of worker belief can shortly flip right into a viral scandal, and regulatory sanctions are not idle threats.
Latest enforcement actions by the Nigeria Knowledge Safety Fee (NDPC) have begun to ship a transparent sign. Organisations that mishandle private information, together with worker information, face actual penalties, together with fines, audits, and public reprimand. In a single notable case, a digital companies agency was sanctioned for failing to acquire lawful consent earlier than sharing workers efficiency information with exterior companions.
For HR professionals, the brand new actuality calls for each technical consciousness and moral readability. Worker information is not “inside info”; it’s private information, protected by regulation and topic to scrutiny. Choices about who can entry personnel recordsdata, who could course of payroll information, and the way lengthy recruitment information are saved have to be made with clear insurance policies and traceable methods.
The complexity will increase when employers work with third events equivalent to payroll distributors, background examine corporations, or outsourced HR suppliers.
Right here, the authorized doctrine of “joint information controllers” could apply, which means each the employer and the service supplier are answerable for any information breach.
Learn additionally: Nigeria targets N13.8bn from data protection in 2025
Contracts with distributors should now embrace information safety clauses, processing agreements, and readability on breach notification protocols.
One space that continues to lift concern is pre-employment background screening. Whereas it’s normal apply to confirm credentials and conduct due diligence, some employers transcend cheap checks, probing into social media exercise, medical historical past, or earlier wage info with out consent. This isn’t solely intrusive but additionally probably unlawful underneath the NDPR. Employers should be certain that the scope of background checks is proportional, related, and authorised.
Equally, employers should tread rigorously when sharing information with regulators or auditors. Even statutory disclosures, equivalent to pension submissions or tax reviews, have to be finished in a manner that limits publicity. The precept of information minimisation is vital: solely the info required must be shared, and it must be encrypted or anonymised the place doable.
Transparency additionally issues. Staff must be knowledgeable, in clear language, about what information is being collected, why, and for the way lengthy it will likely be retained. HR departments should develop privateness notices, set up retention insurance policies, and supply mechanisms for workers to request corrections or deletions of outdated information.
The transition to distant and hybrid work has launched additional vulnerabilities. Worker monitoring software program, productiveness dashboards, and cloud-based file sharing elevate new questions on surveillance and consent. Simply because one thing is technologically doable doesn’t imply it’s legally or ethically acceptable. Employers should strike a stability between operational effectivity and the correct to privateness.
Finally, compliance with information safety legal guidelines is just not merely about avoiding fines; it’s about constructing belief. Organisations that present respect for worker privateness ship a message of professionalism, transparency, and moral management. In the long term, this helps with expertise retention, model repute, and company resilience.
Nigeria is just not alone on this journey. Globally, information safety frameworks are converging towards a typical precept: private information belongs to the person. The employer is merely a custodian, with duties, tasks, and limitations. Nigerian organisations that embrace this precept won’t solely keep away from regulatory complications; they’ll lead the way forward for accountable employment.
The African proverb reminds us that on this planet of secrets and techniques, somebody is at all times listening. As worker information turns into the brand new forex of office intelligence, discretion, safety, and consent should grow to be core pillars of HR apply.
Dr. Olufemi Ogunlowo is the CEO of Strategic Outsourcing Restricted and writes on workforce coverage, moral employment practices, and regulatory compliance for BusinessDay.
