RSPCA was given a fine by the ICO for secretly screening their donors by using wealth management services.

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

RSPCA was given a fine by the ICO for secretly screening their donors by using wealth management services.

Very recently, the Information Commissioners Office (ICO) has handed out penalty fines to two well-known charities for secretly screening their donors’ personal information, and then using an external wealth management company to analyse the data to find the most generous donors and work out who would be most likely to give again.

With this effective but illegal method, the charities then used direct marketing communications to ask targeted donors to make more donations. This is, however, a breach, of data protection legislation.

The ICO has fined the Royal Society for the Prevention of Cruelty to Animals £25,000, and the British Heart Foundation £18,000 for the same thing.

The personal information shared included:

  • Unique donor reference numbers;
  • Full names;
  • Addresses;
  • Date of last donation;
  • Amount of last donation;
  • Gift aid status;
  • Donation type and method, and if the donor gave quite regularly by setting up a direct debit or if they donated by participating in a raffle fundraiser.

This is all classed as personal information, and according to our Data Protection laws, they must be protected. The ICO investigates situations where this is a suspected breach, and if they find one, like the case here with RSPCA, they have a range of enforcement powers to stop them and prevent it from happening again.

Charities found in breach

Both charities breached Data Protection laws by failing to comply with the legal principles of:

  • Processing any data they have in a fair and lawful way;
  • Ensuring that personal information is only to be used for a specified and lawful purpose.

The charities typically only have their donors’ personal information in relation to their donations for that purpose only. Donors don’t expect their information to be shared with wealth management companies to be analysed to see which ones are most likely to donate again. The RSPCA was fined for doing this as they did not have permission from their donors.

Since the donors didn’t know this was happening, they couldn’t give their consent to their information being passed around. Without this consent, the RSPCA was breaching their legal duties.

Larger fine for the RSPCA

The RSCPA was given a larger fine because some 15,028 supporters had their information passed along to a third party even though they had actually explicitly selected to ‘opt out’ of their personal information being shared.

Even though the charity may have been doing this to raise money for a good cause, they still have an obligation to protect the personal information they store and use.

The ICO’s action here shows that no one is exempt from data protection laws.

The ICO’s enforcement actions are not only to punish, but also to incentivise companies and organisations to make sure they are always complying with the law. When we hand over our personal information, we give it with trust and confidence, and companies and organisations cannot be allowed to abuse that trust and confidence.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon