A Digital Trust expert, Amaka Ibeji, has expressed concerns over the decision by Martins Vincent Otse Initiative (MVOI) to publicly disclose bank statements containing personal details of its donors.
Ibeji, who is also the Founder of PALS Hub, expressed the concern in an interview with the News Agency of Nigeria (NAN) on Saturday in Lagos.
NAN reports that convener of the group, Martins Otse, popularly known as VeryDarkMan [VDM], a Nigerian activist and social media influencer, sparked controversy after sharing bank statements in a video posted on his Instagram page.
According to her, the organisations should be able to decipher the balance between transparency and individual privacy.
”No doubt that the organisation’s financial transparency policy displayed on its website, aims to foster trust and ensure continued donor support by sharing financial details.
“The is part of MVOI’s efforts to promote transparency and accountability in its operations. However, the approach of publishing unredacted bank statements has exposed donors’ personal data, including identities and transaction details.
“This disclosure has significant privacy implications, including the exposure of personal data and potential misuse of information,” Ibeji said.
Recommending better approaches, she said that organisations or NGOs should share summary data rather than raw details to maintain transparency while protecting individual privacy.
Ibeji also said that asking personal identifiers in transaction records before disclosure was another way of protecting individual privacy.
She said that the breach was a classic example of a privacy breach, distinct from a security breach.
“A privacy breach occurs when personal information is disclosed without adequate consent or safeguards, whereas a security breach involves unauthorised access to or theft of information,” she said.
She said that a review of the published bank statement revealed at least 44,000 unique transactions with total donations of 242 million naira .
Ibeji said an analysis of MVOI’s disclosed transactions showed exposure of personal information, with about five thousand PalmPay transactions including the user’s account number in the description.
“Since most PalmPay account numbers are tied to the owner’s phone numbers, publicising the full details exposes the users’ phone numbers, leading to potential privacy breaches.
“Among the top contributors donating over one million naira, eight were individuals, further emphasising the sensitivity of the disclosed data, “she said
Speaking on the implications, she said that the exposed data, including donor identities, transaction details and phone numbers in some instances, could be exploited for targeted marketing, phishing attacks, or other malicious purposes.
Similarly, Chinedu Onwukike, a Digital Security Expert said that MVOI’s actions violated the Nigeria’s Data Protection Regulation (NDPR), by failing to anonymise donor information and exposing sensitive data without explicit consent.
According to him, the incident highlights the need for organisations to adopt best practices and adhere to regulatory frameworks like the Nigeria Data Protection Regulation (NDPR).
“The NDPC must investigate and address non-compliance swiftly, ensuring that organisations prioritise individual privacy rights,” Onwukike emphasised.
He said that platforms such as GoFundMe provided a model for balancing transparency with privacy.
“Donors have the option to contribute anonymously while campaigns maintain overall transparency about fund usage,” Onwukike said.
He Said that to avoid similar pitfalls, organisations should aggregate data, anonymise contributions, obtain explicit consent, provide user control, and adopt privacy-by-design principles.
Onwukike said that the MVOI privacy breach served as a cautionary tale for organisations navigating the intersection of transparency and privacy.
He said that by adopting best practices and respecting individual privacy rights, organisations could build trust and maintain transparency without compromising sensitive information. (NAN)
