11 UK charities have been fined for breaching data protection laws.
11 of the UK’s top charities have been fined for misusing their donors’ (aka individuals who donate) personal information. The Information Commissioner’s Office (ICO) have issued fines to the charities for alleged misconduct and breaching the Data Protection act.
Charities and their fines
The 11 charities and their fines are as follows:
- The international Fund for Animal Welfare – £18,000
- Cancer Support UK (formerly Cancer Recovery Foundation UK) – £16,000
- Cancer Research UK – £16,000
- The Guide Dogs for the Blind Association – £15,000
- Macmillan Cancer Support – £14,000
- The Royal British Legion – £12,000
- The National Society for the Prevention of Cruelty to Children – £12,000
- Great Ormond Street Hospital Children’s Charity – £11,000
- WWF – UK – £9,000
- Battersea Dogs and Cats Home £9,000
- Oxfam – £6,000
Misuse of Private Information
The above charities were found guilty of misusing their donors’ personal data by reportedly secretly piecing together data from an array of sources and trading personal details between other charities to target new and previous donors. Essentially, the charities were said to be sharing their donors’ personal information amongst each other to create “a large pool of donor data for sale”.
This kind of behaviour can be a breach of the DPA, and it seems evident that donors didn’t expect their private information to be used in the way the charities sought to use it.
ICO and the Charity Commission
The ICO has been investigating the data breach. Information Commissioner, Elizabeth Denham, noted,
“[people] will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations.”
The ICO also found that some charities hired companies to find out the wealth of their donors. This was apparently done by investigating their incomes, lifestyles, property values, and friendship circle among other things. What’s even more disturbing about the “wealth screening” process is the fact that it was reportedly used to pinpoint those who were most likely to be convinced to leave money in their wills.
It also transpires that some of the charities tracked down additional data from past donors by using old telephone numbers to identify current ones. The charities appeared to be ignorant of the fact that, as data owners, they are in control of what information is shared. By sharing their donors’ personal data, this was found to be a breach of the Data Protection Act (DPA).
It is crucial to identify that donors may not have been notified that their information was being used in this way, and therefore could not consent or object.
Extent of sharing remains unknown
Elizabeth also noted that:
“some charities don’t know if the information has been shared once or 100 times. This can result in lots of unwanted charity marketing.”
The breach was first investigated after reports in the media that charity supporters and donors were being pressured into follow-up donations. This led the ICO to wonder where charities were getting the information from. One particularly harrowing case reported in the media was that of Olive Cook – a 95 year old grandmother who reportedly committed suicide as a result of being hounded by charities daily. It is thought that her personal information was shared between charities as she was “very generous”.
The Charity Commission for England and Wales has responded to the ICO’s penalties and are considering whether the trustees of each charity have acted in accordance with their duties under charity law.
Not the first breach of this nature
This is also not the first time charities have been subject to a data breach scandal. In December 2016, the Royal Society for the Prevention of Cruelty to Animals and the British Heart Foundation were fined (£25,000 and £18,000 respectively) for breaching the DPA.
An important message must be conveyed. As David Holdsworth, Chief Operating Officer at the Charity Commission, said “…Charities must learn the lessons from these fines and breaches”.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.