The Nigeria Data Protection Commission (NDPC) has commenced an investigation into the alleged leak of voter information involving Nollywood actor and politician, Emeka Ike.
The commission said it has already engaged both the Independent National Electoral Commission (INEC) and the actor as part of its probe.
Speaking on Friday during a media parley with journalists at the commission’s headquarters in Abuja, the National Commissioner and Chief Executive Officer of the NDPC, Dr Vincent Olatunji, said the matter was being treated with urgency because of its implications for electoral integrity and public trust.
The development follows recent controversy over the publication of details relating to Ike’s voter registration record by the Senior Special Assistant to the Minister of the Federal Capital Territory, Nyesom Wike, on Information, Lere Olayinka.
Ike, a native of Imo State, contested the House of Representatives seat for the AMAC/Bwari Federal Constituency in the FCT under the Nigerian Democratic Congress (NDC) and lost.
Olayinka came under criticism after sharing what appeared to be Ike’s voter information via an INEC administrative webpage.
He wrote, ‘Emeka Ike was a registered voter in Imo State. He only transferred his INEC Registration to the FCT on 15 May 2026 (15 days ago).
‘And he wants to contest for House of Reps in Abuja! Someone who has never voted in the FCT o. What happened to his Imo State? This Obidient people enh!!!’
Olayinka attached two images to the post, which many users said contained details obtained from INEC’s administrative login portal.
Some of the personal information in the screenshots included Ike’s application number, registration centre, Voter Identification Number, profile picture, name, and date of application.
Olayinka’s post had sparked concerns about possible unauthorised access to INEC’s database and renewed debate over the protection of personal data ahead of future elections.
INEC, however, denied reports of a major breach or external compromise of its Continuous Voter Registration database, maintaining that the incident resulted from the misuse of valid internal credentials by authorised personnel rather than a cyberattack.
Meanwhile, investigators from the Force Intelligence Department–Intelligence Response Team had questioned Olayinka and an electoral officer as part of ongoing investigations into the alleged leak of voter information from the INEC portal.
Addressing questions on the matter, Olatunji confirmed that the commission had already met with relevant parties and launched an investigation.
According to him, the NDPC does not rely solely on social media reports before acting but follows established procedures in handling data breach allegations.
‘Emeka Ike is downstairs now. INEC, they were here last week, and they were here this week again’, he said.
The NDPC boss added that the commission had prioritised the matter because of its potential impact on confidence in the country’s electoral system.
‘The one of INEC is really sensitive because we are moving towards elections. And it speaks to the credibility of the database. It’s of utmost urgency, and we are moving immediately’, he noted.
Speaking on the NDPC’s approach to investigations, Olatunji stressed that the commission remained methodical and evidence-driven, noting that privacy-related probes require diligence and adherence to due process.
‘Investigation is a process. And in the privacy ecosystem, you have to be extremely careful and be diligent in the way you carry out your investigation.
‘There is no breach reported to us that we have not acted on, either in a government institution or public institution’, he added.
The commissioner explained that the commission evaluates the severity of complaints based on several factors, including the number of people affected, the sensitivity of the information involved and the likely impact on data subjects.
‘We have to assess it, look at the veracity of the claim, look at the impact on data subjects, how many of them, look at the sensitivity of the case and the likely outcome. That is how we prioritise’, he said.
According to him, the NDPC has evolved beyond making public announcements every time an investigation is initiated, preferring instead to focus on carrying out thorough investigations before reaching conclusions.
Olatunji maintained that the commission investigates every reported breach regardless of the status of the individuals or institutions involved.
‘No matter who you are, we invite you, and whatever action we are supposed to take, we take’, he stated.
The NDPC chief said the commission’s track record showed that organisations invited for investigations had generally cooperated with its processes.
Explaining how the commission handles complaints, Olatunji said a reported breach triggers a wider review of an organisation’s data protection framework rather than an examination of a single incident.
He said, ‘If there was a reported breach, we now look beyond that breach. We evaluate your total record of processing activities’.
Olatunji noted that investigators examine whether organisations have registered with the commission, filed mandatory audits, appointed data protection officers and implemented privacy policies and technical safeguards.
The NDPC boss explained that where organisations demonstrate substantial compliance, the commission often prioritises remediation over punishment.
He added that the commission’s objective was not to impose penalties indiscriminately but to achieve compliance.
‘We don’t issue fines. We issue remediation fees unless and until you are not able to do what is right’, he said.
Beyond the ongoing INEC investigation, Olatunji also disclosed that the NDPC was collaborating with the electoral commission to improve data protection awareness among political parties ahead of future elections.
According to him, many political parties collect large volumes of personal information from members and supporters but often lack adequate privacy safeguards.
The commissioner explained that the NDPC deliberately chose to work through INEC in order to avoid perceptions of political bias.
He expressed concern that many political parties were collecting personal information without fully understanding their responsibilities under the Nigeria Data Protection Act.
‘A lot of them are collecting data of their party members. What kind of privacy safeguards? What kind of guardrails do they have in place? They don’t even know. That’s the truth’, he said.
Olatunji noted that the NDPC was offering training and awareness programmes for political parties to help them understand lawful data processing practices and compliance obligations.
He said the commission was also expanding awareness campaigns through traditional institutions and grassroots structures to ensure citizens understood their privacy rights.
‘We are trying to work with INEC to meet with all the political parties. We are happy to train them on how to process personal data’, he said.
The NDPC chief further revealed that the commission had translated the Nigeria Data Protection Act into major Nigerian languages as part of efforts to deepen public awareness.
‘We have also gone further to interpret our laws in three major languages. Even people in rural communities can actually read our law. If you are Yoruba and you don’t understand English, you can read our law in Yoruba. If you are Hausa, you can read our law in Hausa. You can read our law in Igbo to understand’, he said.
Olatunji stressed that protecting personal data had become critical to national security and public trust, particularly as elections become increasingly digital and technology-driven.
‘There is no digital economy without trust. There is no public security without trust. Trust is not about what you say. It is about what you do’, he said.
He added that compliance with privacy laws was essential to maintaining confidence in institutions that collect and process personal information, including banks, telecommunications companies and public agencies.
‘It is an integral part of national security’, he said.
The commissioner reiterated that the NDPC would continue to engage institutions across both the public and private sectors to strengthen compliance and ensure Nigerians’ personal information is adequately protected.
