I-EARS DATA PROTECTION & CYBERSECURITY POLICY
Approved by NSCDC Commandant General’s Office
1.1 NDPR Compliance
- All personal data (KYN registrations, incident reports) processed per Nigeria Data Protection Regulation (NDPR) 2019
- Data Protection Officer (DPO) appointed at each state command
- Privacy Impact Assessments (PIAs) conducted biannually
1.2 Data Minimization
Only collect essential fields:
- [Citizen]: Phone (hashed), LGA, Blood Type
- [Officer]: Name, Rank, Biometric ID
Auto-deletion of non-critical data after 3 years
1.3 Citizen Rights
- Access/Correction: Via USSD or app
- Deletion: Formal request to DPO (72-hour processing)
- Breach Notification: SMS alerts within 24 hours
2.1 National Information Technology Development Agency (NITDA) Compliance
Requirement | I-EARS Implementation |
---|---|
Local Content (NITDA Act 2007) | 60% hardware procured from Nigerian tech firms |
Data Localization | Primary servers in Abuja/Lagos; backups in 2 other states |
MLPS* Level 4 Certification | Military-grade encryption for all classified intel |
Third-Party Audits | Quarterly assessments by NITDA-licensed firms |
3.1 USSD (Short Code) Security
- 2FA (PIN + OTP) required before distress alert submission
- End-to-End encryption using TLS over GSM
- Session timeout after 30 seconds idle
3.2 Mobile App Security
- Biometric login (Face/Touch ID) for verified officers
- App data encrypted using AES-256 in local storage
- Device IMEI logged & verified for all app sessions
- Mandatory NDPR & Cybersecurity training on appointment
- Quarterly phishing drills and access hygiene tests
- Certification tracking dashboard managed by HQ DPO
- 24/7 Cyber Incident Response Center (CIRC) integration
- Officers report suspected breaches via secure command-only USSD
- Breach reports are auto-escalated to CG’s Office if unresolved in 1 hour