Folk Fest Registration: Fury over sharing of private data

Online ticketing service provider Shohoz.com has shared sensitive data of registrants wishing to attend the three-day Dhaka International Folk Fest (DIFF) with a third party, causing uproar on social media.    

The online registration partner of the popular event -- which is free and opens today at the Bangladesh Army Stadium -- asked attendees to provide the scanned copy of their National ID or passport to register, among other details.

They then reportedly shared those with Dmoney Bangladesh Ltd, a newly-launched digital financial service company, and the official digital payment partner of the event.

Attendees only came to know about it on Tuesday night, when they received an email from Dmoney that their accounts have been created with the service, and they would be “notified upon the verification” of their “NID and bank information.”

“Neither Shohoz nor the organisers of DIFF had the right to share sensitive information like NID with a third-party without my explicit consent. Both of them should provide a proper explanation for this blatant violation of privacy,” read the post of a Facebook user.

Contacted, founder and managing director of Shohoz, Maliha M Quadir, yesterday said they took prior consent from those who registered through a clause in the terms and conditions.

However, on that topic, an aggrieved registrant wrote on Facebook: “Most people, if not all, didn’t even notice it.”

“We had to share the information of registered users with DIFF [organisers of the event] strictly for security purposes, as DIFF would require this information to identify users at the entrance to the festival,” said Maliha.

“As a responsible company, we do not share any information about our valuable users with any party unless it is a necessity regarding security, and the users are well aware of this,” she also said.

Supreme Court lawyer and founder of Bangladesh Cyber and Legal Center Saimum Reza Piash said though there was a disclaimer in the registration process, it was not highlighted, and that is why it remains attendees’ concern that their data will be shared.

“Currently, there is no data security law in the country. Companies are misusing customers’ personal data and taking advantage of this situation,” said Piash.

Dmoney, on the other hand, expressed deep regrets over the incident and issued a clarification.

 “This message is to clarify and confirm that Dmoney account has not been created for anyone,” Dmoney said in a Facebook post yesterday morning.