A digital trust expert, Amaka Ibeji, has raised concerns about the decision by the Martins Vincent Otse Initiative (MVOI) to publicly disclose bank statements containing donors’ personal details.
Speaking to the News Agency of Nigeria (NAN) on Saturday in Lagos, Ibeji, who is also the founder of PALS Hub, highlighted the privacy risks associated with this move.
The controversy began when Martins Otse, widely known as VeryDarkMan—a Nigerian activist and social media influencer—shared unredacted bank statements in a video on his Instagram page.
The disclosure, intended to demonstrate financial transparency, has drawn significant criticism.
Ibeji noted that while financial transparency is crucial for fostering trust and encouraging donor support, organisations must balance this with the obligation to protect individual privacy.
She acknowledged that MVOI’s financial transparency policy, as displayed on its website, aims to promote accountability, but she emphasized that publishing raw bank statements exposed sensitive donor information.
“This approach has serious privacy implications,” Ibeji stated. “It reveals personal data, such as donor identities and transaction details, which could be misused.”
To address such issues, she recommended that organisations share summary financial data instead of detailed statements.
“Removing personal identifiers from transaction records before disclosure is a better approach to safeguarding privacy,” she added.
Ibeji explained that the situation constitutes a privacy breach, distinct from a security breach.
“A privacy breach occurs when personal information is disclosed without adequate consent or safeguards, whereas a security breach involves unauthorised access or theft of information,” she clarified.
Her review of MVOI’s disclosed bank statements revealed at least 44,000 unique transactions amounting to 242 million naira.
Among these were over 5,000 PalmPay transactions, where account numbers were exposed. Since many PalmPay accounts are linked to phone numbers, this disclosure potentially compromises users’ privacy.
Additionally, she noted that eight individuals contributed over one million naira each, highlighting the sensitivity of the data exposed. “Such details could be exploited for targeted marketing, phishing attacks, or other malicious activities,” Ibeji warned.
Digital security expert Chinedu Onwukike also criticized MVOI’s actions, describing them as a violation of Nigeria’s Data Protection Regulation (NDPR).
According to him, the organisation failed to anonymise donor information and exposed sensitive data without explicit consent.
“The NDPC must investigate this non-compliance and ensure organisations prioritise individual privacy rights,” Onwukike said. He emphasized the importance of adopting best practices and adhering to regulatory frameworks to prevent similar incidents.
Onwukike suggested platforms like GoFundMe as models for balancing transparency with privacy. “These platforms allow donors to contribute anonymously while maintaining transparency about fund usage,” he explained.
He recommended that organisations implement practices such as data aggregation, anonymisation of contributions, explicit consent processes, and privacy-by-design principles.
He concluded by noting that the MVOI incident serves as a cautionary tale for organisations.
“By respecting individual privacy rights and adopting best practices, NGOs can build trust and maintain transparency without compromising sensitive information,” Onwukike said.
This incident underscores the need for organisations to carefully navigate the intersection of transparency and privacy, ensuring that their actions align with both ethical standards and regulatory requirements.
