Legal help for data breach compensation claims

British Heart Foundation fined for secretly screening donor’s information for targeting most generous

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

The British Heart Foundation Charity secretly screened thousands of their donors to target the most generous ones for further donations. As a result of their behaviour, they have been given a monetary fine by the Information Commissioner’s Office (ICO).

Although the first thing that springs to mind is the fact that we’re talking about a charity here, we must always remember that no one is above the law – a fact that the ICO had to recognise when investigating their behaviour.

The well-known charity was reported to have used external wealth management companies to analyse the personal information they had about their donors. The ICO reported that 1,047,544 pieces of personal information were shared, belonging to 552,092 individuals. They did this to find out who were the most likely to give again, and give the most amount.

British Heart Foundation shared personal information such as the donors’:

  • Full names;
  • Addresses;
  • Unique reference number;
  • Last donation date;
  • Last donation amount;
  • Gift aid status;
  • Donation type: whether the donor donated through a charity raffle, if they were regular donors etc.

In passing along this information, the British Heart Foundation was found to have breached their legal duties under Data Protection laws. Any company or organisation must follow the legal principles of the Data Protection Act. The ICO primarily found the British Heart Foundation to have breached their legal duty to process the information they have in a fair and lawful way. The charity also had a legal obligation to make sure the way they use this information is a specified and lawful one.

The way British Heart Foundation shared their donors’ information was not a lawful one. Donors had no idea this was happening and therefore couldn’t even consent if they wanted to. British Heart Foundation’s actions led to many donor’s receiving an increase in direct marketing communications. For this, the ICO said the British Heart Foundation caused ‘substantial damage‘ and ‘distress‘.

Donors had no way of opting out of these communications and could have been receiving numerous phone calls per day, asking for donations. This is hardly the behaviour you would want after having donated your own money to a good cause…

The ICO recognised that British Heart Foundation is a charity operating in the public’s interest and took this into consideration when calculating how much of a penalty fine to give. Other mitigating circumstances included the British Heart Foundation’s immediate co-operation with the investigations and that they have since stopped the illegal actions. However, because British Heart Foundation did this for financial gain and for several years, charity or not, the ICO had to give a penalty fine for its actions in breaching thousands of people’s fundamental rights. An £18,000 fine was given.

This penalty could be seen as harsh, especially when considering the British Heart Foundation is a charity and charities only hold money for those in need of it. However, it shows the ICO is determined not to stray from the objective of protecting the nation’s personal information.

Hopefully other charities will take note and use their information on donors sensibly to protect their donors.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Author on January 25, 2017
Posted in the following categories: Latest and tagged with

ThyssenKrupp’s trade secrets stolen in cyber-hack, owned by LinkedIn and Microsoft, fell victim to a data breach which lost 55,000 passwords