The National Identification and Registration Authority (NIRA) has assured Ugandans that the security, confidentiality, and integrity of the National Identification Register (NIR) remain fully protected amid rising public concern about personal data safety.
In a press statement, NIRA emphasized that safeguarding citizens’ personal and biometric data is its top priority.
“NIRA wishes to reassure all Ugandans that their personal and biometric data remains confidential, secure and intact,” the Authority stated.
The agency outlined a three-pronged approach to data security that includes strong legal, technical, and institutional safeguards. It added that continuous system improvements are being made to align with global best practices.
According to the statement, Uganda’s Registration of Persons Act (ROPA) provides the legal framework for the collection, storage, and use of personal data. It mandates that data can only be accessed and used for lawful purposes such as identification, verification, and government service delivery.
“The Register cannot be accessed and used, including ID and passport issuance, without lawful authority and strict quality assurance controls,” NIRA explained.
The Authority also cited the Data Protection and Privacy Act, 2019, which sets clear obligations on the processing of personal and biometric data. These include enforcing principles of purpose limitation, accountability, data minimization, and security safeguards.
To protect against unauthorized access, NIRA has deployed multiple technical safeguards. These include encryption of data at all levels, use of secure server facilities with redundancy and backup, and advanced intrusion detection and monitoring systems.
On the institutional front, NIRA has put in place a dedicated Data Protection Officer, mandatory staff training, and strict confidentiality agreements with employees and third parties.
“Our systems are monitored 24/7, and all actions are logged and reviewed regularly to ensure accountability,” the Authority said.
NIRA further noted that only authorized officers can access data under strict internal controls. It stressed that the organization operates under a zero-tolerance policy for breaches and that any violations are subject to investigation and sanctions.
The Authority concluded by reassuring Ugandans that it remains committed to transparency, accountability, and compliance with the law.
“Ugandans can be confident that their data is protected and that NIRA takes the security and integrity of the Register very seriously,” the statement affirmed.
