UK charities fined for misusing donors’ private information
data protection

UK charities fined for misusing donors’ private information

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

11 UK charities have been fined for breaching data protection laws.

11 of the UK’s top charities have been fined for misusing their donors’ (aka individuals who donate) personal information. The Information Commissioner’s Office (ICO) have issued fines to the charities for alleged misconduct and breaching the Data Protection act.

Charities and their fines

The 11 charities and their fines are as follows:

  • The international Fund for Animal Welfare – £18,000
  • Cancer Support UK (formerly Cancer Recovery Foundation UK) – £16,000
  • Cancer Research UK – £16,000
  • The Guide Dogs for the Blind Association – £15,000
  • Macmillan Cancer Support – £14,000
  • The Royal British Legion – £12,000
  • The National Society for the Prevention of Cruelty to Children – £12,000
  • Great Ormond Street Hospital Children’s Charity – £11,000
  • WWF – UK – £9,000
  • Battersea Dogs and Cats Home £9,000
  • Oxfam – £6,000

Misuse of Private Information

The above charities were found guilty of misusing their donors’ personal data by reportedly secretly piecing together data from an array of sources and trading personal details between other charities to target new and previous donors. Essentially, the charities were said to be sharing their donors’ personal information amongst each other to create “a large pool of donor data for sale”.

This kind of behaviour can be a breach of the DPA, and it seems evident that donors didn’t expect their private information to be used in the way the charities sought to use it.

ICO and the Charity Commission

The ICO has been investigating the data breach. Information Commissioner, Elizabeth Denham, noted,

“[people] will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations.”

The ICO also found that some charities hired companies to find out the wealth of their donors. This was apparently done by investigating their incomes, lifestyles, property values, and friendship circle among other things. What’s even more disturbing about the “wealth screening” process is the fact that it was reportedly used to pinpoint those who were most likely to be convinced to leave money in their wills.

It also transpires that some of the charities tracked down additional data from past donors by using old telephone numbers to identify current ones. The charities appeared to be ignorant of the fact that, as data owners, they are in control of what information is shared. By sharing their donors’ personal data, this was found to be a breach of the Data Protection Act (DPA).

It is crucial to identify that donors may not have been notified that their information was being used in this way, and therefore could not consent or object.

Extent of sharing remains unknown

Elizabeth also noted that:

“some charities don’t know if the information has been shared once or 100 times. This can result in lots of unwanted charity marketing.”

The breach was first investigated after reports in the media that charity supporters and donors were being pressured into follow-up donations. This led the ICO to wonder where charities were getting the information from. One particularly harrowing case reported in the media was that of Olive Cook – a 95 year old grandmother who reportedly committed suicide as a result of being hounded by charities daily. It is thought that her personal information was shared between charities as she was “very generous”.

The Charity Commission for England and Wales has responded to the ICO’s penalties and are considering whether the trustees of each charity have acted in accordance with their duties under charity law.

Not the first breach of this nature

This is also not the first time charities have been subject to a data breach scandal. In December 2016, the Royal Society for the Prevention of Cruelty to Animals and the British Heart Foundation were fined (£25,000 and £18,000 respectively) for breaching the DPA.

An important message must be conveyed. As David Holdsworth, Chief Operating Officer at the Charity Commission, said “…Charities must learn the lessons from these fines and breaches”.


Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon