by GDPR Associates | 5th April 2017 9:30 am
The Information Commissioner’s Office has fined eleven charities that breached the Data Protection Act by misusing donors’ personal data.
ICO investigations found many of the charities secretly screened millions of donors so they could target them for additional funds. Some charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources. And some traded personal details with other charities creating a large pool of donor data for sale.
The action follows penalties issued to two charities in December 2016.
The charities fined were:
A summary of how each charity breached the law can be found here.
The Information Commissioner has exercised her discretion in significantly reducing the level of today’s fines, taking into account the risk of adding to any distress caused to donors by the charities’ actions. The same approach was taken to fines issued to the Royal Society for the Prevention of Cruelty to Animals (£25,000) and British Heart Foundation (£18,000) in December.
Information Commissioner Elizabeth Denham said:
“Millions of people will have been affected by these charities’ contravention of the law. They will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations. No charity wants to alienate their donors. And we acknowledge the role charities play in the fabric of British society. But charities must follow the law.”
The charities were investigated by the ICO as part of a wider operation sparked by reports in the media about repeated and significant pressure on supporters to contribute. There are no other outstanding investigations into charities as part of that operation.
Elizabeth Denham added:
“These fines draw a line under what has been a complex investigation into the way some charities have handled personal information. While we will continue to educate and support charities, we have been clear that what we now want, and expect, is for charities to follow the law.”
In February, the ICO, the Charity Commission and the Fundraising Regulator held a conference for charity trustees, aimed at informing, educating and providing clarity to the sector. The ICO website also has detailed guidance on the rules around data sharing and marketing.
Source URL: https://www.gdpr.associates/ico-fines-eleven-more-charities/
Copyright ©2020 GDPR Associates unless otherwise noted.