British Heart Foundation fined for secretly screening donors’ information to target the most generous

The British Heart Foundation Charity secretly screened thousands of their donors to target the most generous ones for further donations. As a result of their behaviour, they have been given a monetary fine by the Information Commissioner’s Office (ICO).

Although the first thing that springs to mind is the fact that we’re talking about a charity here, we must always remember that no one is above the law – a fact that the ICO had to recognise when investigating their behaviour.

The well-known charity was reported to have used external wealth management companies to analyse the personal information it held about its donors. The ICO reported that 1,047,544 pieces of personal information were shared, belonging to 552,092 individuals. The charity did this to find out which donors were most likely to give again, and to give the most.

British Heart Foundation shared personal information such as the donors’:

  • Full names;
  • Addresses;
  • Unique reference number;
  • Last donation date;
  • Last donation amount;
  • Gift aid status;
  • Donation type: whether the donor gave through a charity raffle, whether they were a regular donor, etc.

In passing along this information, the British Heart Foundation was found to have breached their legal duties under Data Protection laws. Any company or organisation must follow the legal principles of the Data Protection Act. The ICO primarily found the British Heart Foundation to have breached their legal duty to process the information they have in a fair and lawful way. The charity also had a legal obligation to make sure the way they use this information is a specified and lawful one.

The way British Heart Foundation shared their donors’ information was not a lawful one. Donors had no idea this was happening and therefore couldn’t even consent if they wanted to. British Heart Foundation’s actions led to many donors receiving an increase in direct marketing communications. For this, the ICO said the British Heart Foundation caused ‘substantial damage’ and ‘distress’.

Donors had no way of opting out of these communications and could have been receiving numerous phone calls per day, asking for donations. This is hardly the behaviour you would want after having donated your own money to a good cause…

The ICO recognised that British Heart Foundation is a charity operating in the public’s interest and took this into consideration when calculating how much of a penalty fine to give. Other mitigating circumstances included the British Heart Foundation’s immediate co-operation with the investigations and that they have since stopped the illegal actions. However, because British Heart Foundation did this for financial gain and for several years, charity or not, the ICO had to give a penalty fine for its actions in breaching thousands of people’s fundamental rights. An £18,000 fine was given.

This penalty could be seen as harsh, especially when considering the British Heart Foundation is a charity and charities only hold money for those in need of it. However, it shows the ICO is determined not to stray from the objective of protecting the nation’s personal information.

Hopefully other charities will take note and use their information on donors sensibly to protect their donors.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'