Privacy Experts Slam Martins Vincent Otse Initiative for Publicly Releasing Donor Bank Statements

Amaka Ibeji, a Digital Trust expert and the Founder of PALS Hub, has raised alarms over the Martins Vincent Otse Initiative (MVOI) for publicly releasing bank statements containing sensitive personal details of donors. The controversy arose after MVOI’s convener, Nigerian activist and social media influencer Martins Otse, shared unredacted bank statements in a video posted on Instagram.

While Ibeji acknowledged the importance of financial transparency in building trust, she criticized the move as a serious privacy breach. “I understand that MVOI’s goal is to promote transparency and foster trust by sharing financial details. However, by publishing unredacted bank statements, the organization has inadvertently exposed sensitive personal data, including identities and transaction information,” Ibeji stated in an interview in Lagos.

Ibeji emphasized that the release of unredacted bank statements could lead to the misuse of the exposed data, such as identity theft or phishing attacks. She suggested that organizations aiming for transparency should instead provide summary data that highlights financial activities without compromising the privacy of donors. “Organizations should obtain prior consent from donors before publicly sharing transaction information, especially personal identifiers like phone numbers or account details,” she added.

The analysis of the exposed bank statements revealed over 44,000 unique transactions totaling 242 million naira. Ibeji pointed out that several PalmPay transactions included user account numbers that could easily expose donors’ phone numbers, putting them at further risk. Of particular concern was the disclosure of identities and sensitive information of major donors, with eight top contributors, each donating over one million naira, having their personal details unveiled.

Digital Security Expert, Chinedu Onwukike, also condemned MVOI’s actions, noting that they violated Nigeria’s Data Protection Regulation (NDPR). Onwukike stressed that MVOI failed to anonymize the data and did not obtain explicit consent before making sensitive information public. “This incident underscores the urgent need for organizations to adhere to regulatory frameworks like the NDPR, ensuring that they prioritize the privacy of individuals,” he said.

Both Ibeji and Onwukike emphasized that organizations should adopt best practices, such as anonymizing contributions, aggregating data, and integrating privacy-by-design principles, to protect personal information. They pointed to platforms like GoFundMe as examples of better models, where donors can remain anonymous while still ensuring transparency.

The MVOI privacy breach serves as a cautionary tale for other organizations seeking to balance financial transparency with the protection of sensitive personal information. By respecting privacy rights, organizations can build trust without exposing individuals to unnecessary risks.