When towards the end of the last decade, tax payers in Lagos state, Nigeria woke up to the sensational news of the admitted data breach on the payment portal of Lagos Internal Revenue Service - the state's tax collection agency - one would have thought that, the Service would have been bombarded with a myriad of law suits for such unprecedented "invasion of privacy" but the Country's extant laws, with the exception of the Nigeria Data Protection Regulation (NDPR), which is, at best, fairly managing to gain traction, is largely believed to be devoid of express provision on "invasion of privacy"

Having reviewed a couple of legal articles and papers on the tort of invasion of privacy in Nigeria, the common denominator seems to be the unconscious omission of the provisions of our local statutes on torts, in exclusive favour of the common law of England from where we inherited our jurisprudence on tort.

This repeated snub may however not be unconnected with the widespread misconception that, the solitary source of our law of torts is the common law of England thereby leading to the under-utility of the texts of indigenous statutes that expressly and comprehensively make provision for the tort of invasion as far back as 1961 when the Torts Laws of Western and Eastern Nigeria were enacted.

On the consciousness of our courts to statutory (general) torts, as early as 1986, the Supreme Court in the decision in Nasiru Bello v A.G. Oyo State (1986) 5 NWLR at page 828 took cognizance of the Torts Laws of Western Nigeria which has now been codified into the Torts Law of Oyo State 1978. The Worthy of mention however, is the recent decision in Portland Paints & Product Nig. Ltd v Mr. Jimmy Olaghere (2019) 2 NWLR (pt. 1657) 569 where the Respondent sued the Appellant before the High Court of Lagos State for breaching his privacy as a tort, but neither cited nor relied on the only law that provides for "invasion of privacy" as a tort in Lagos State, although trial court and Court of Appeal ruled in the Respondent's favour, the golden opportunity to utilize the Law of Lagos State on invasion of privacy was momentarily lost.

For the avoidance of doubt, section 29 of the Law Reform (Torts) Law, Ch. L82 Laws of Lagos State 2015 provides that:

29. Invasion of privacy "(1) Anyone who intentionally intrudes, physically or otherwise, on                                          the solitude or seclusion of another or private affairs or concerns,                                          is liable for invasion of privacy, if the intrusion would be highly                                          offensive to a reasonable person.

(2) Anyone who uses the name or likeness of another in a manner and to an extent which suggests to a reasonable person an intention to appropriate the name and likeness of another or that is associated with another is liable to damages.

(3) Anyone who publicizes a matter concerning the private life of another is liable for invasion of privacy, if the matter publicized is                                          of a kind that:

(a) Would be highly offensive to a reasonable person and (b) is not of legitimate concern to the public."

The law goes further in section 31 by providing for remedies thus:

31. Remedies "The remedies that a Court may grant in an action for invasion of privacy includes:

(a) Injunction.

(b) Damages

(c) Order directing the defendant to account to the claimant profits that have accrued or may later accrued to the defendant because of the invasion of privacy:

(d) Order directing the defendant to deliver to the claimant any material, article, photograph or documents that have come into the defendant's possession because of violation of privacy and

(e) Any other appropriate order or relief."

While reading subsection 3 of section 29 above, what readily came to mind was the wanton exposure of tax payers' data by the Lagos State Internal Revenue Service and the data breach allegedly suffered by SureBet 247 which all seemed to have gone without consequences, either under the extant Nigeria Data Protection Regulation (NDPR) or other relevant legislations.

This author is of the view that with or without the Nigerian Data Protection Regulation (NDPR), the provisions of sections 29 and 30 are comprehensive enough to be taken advantage of, for tortious claims bordering on all kinds of privacy invasion (including data breach), and same could be used to supplement and/or complement the new privacy regulations issued to cater for the increasing privacy concerns in Lagos State and Nigeria as a whole.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.