Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Very recently, the Information Commissioners Office (ICO) has handed out penalty fines to two well-known charities for secretly screening their donors’ personal information, and then using an external wealth management company to analyse the data to find the most generous donors and work out who would be most likely to give again.
With this effective but illegal method, the charities then used direct marketing communications to ask targeted donors to make more donations. This is, however, a breach, of data protection legislation.
The ICO has fined the Royal Society for the Prevention of Cruelty to Animals £25,000, and the British Heart Foundation £18,000 for the same thing.
The personal information shared included:
This is all classed as personal information, and according to our Data Protection laws, they must be protected. The ICO investigates situations where this is a suspected breach, and if they find one, like the case here with RSPCA, they have a range of enforcement powers to stop them and prevent it from happening again.
Both charities breached Data Protection laws by failing to comply with the legal principles of:
The charities typically only have their donors’ personal information in relation to their donations for that purpose only. Donors don’t expect their information to be shared with wealth management companies to be analysed to see which ones are most likely to donate again. The RSPCA was fined for doing this as they did not have permission from their donors.
Since the donors didn’t know this was happening, they couldn’t give their consent to their information being passed around. Without this consent, the RSPCA was breaching their legal duties.
The RSCPA was given a larger fine because some 15,028 supporters had their information passed along to a third party even though they had actually explicitly selected to ‘opt out’ of their personal information being shared.
Even though the charity may have been doing this to raise money for a good cause, they still have an obligation to protect the personal information they store and use.
The ICO’s action here shows that no one is exempt from data protection laws.
The ICO’s enforcement actions are not only to punish, but also to incentivise companies and organisations to make sure they are always complying with the law. When we hand over our personal information, we give it with trust and confidence, and companies and organisations cannot be allowed to abuse that trust and confidence.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.