What do British Heart Foundation, the RSPCA, Age International, Anxiety UK, British Red Cross and The Alzheimer’s Society have in common? If your answer is that they do good work for many worthy causes then you would be correct. However, these organisations also share something more unfortunate: they all contravened laws relating to the collection, handling and use of personal data over the last two years. In several instances, this has meant punitive action and fines that run into tens of thousands of pounds.

In the case of The Alzheimer’s Society, the organization needed to undertake remedial action to its data collection processes, as its volunteers were not storing sensitive personal data securely. Following an investigation by a national newspaper, British Red Cross had to revise its direct marketing policies and procedures, changing the opt-in consent practices of its call centres, the selling of data to third parties and how long it can hold personal data.

However, it was British Heart Foundation and the RSPCA who were judged to have made the most serious transgressions, receiving fines of £18,000 and £25,000 from the Information Commissioner’s Office (ICO) respectively.

Both these organizations were punished for a practice that a large number of charities (and schools, universities and other non-profit organisations) have conducted for years, if not decades: wealth screening.

This is the process of screening charity supporters against a database, using indicators of wealth to reveal which donors have a greater capacity and likelihood to give money to a charitable cause.

Now, before you start to panic, it’s important to point out that the process of wealth screening is not against the law.

However, the current Data Protection Act is also concerned about the principles of ‘fair’ and transparent data use, and it was this that spurred the ICO into action. Speaking at the Fundraising and Regulatory Compliance Conference at the end of February, ICO Commissioner Elizabeth Denham said:

“Some of the activities that we investigated charities for will never be accepted as being fair. It’s hard to imagine, for example, a circumstance where searching out phone numbers or addresses that have not been shared could be fair.

“Wealth screening, as least how we have seen it being done, is not fair either. Let me be clear. It’s not that the activity is against the law but failing to properly and clearly tell your donors that you’re going to do it, is.”

For the British Heart Foundation and the RSPCA, the issue was not that it conducted wealth screening, but that the charities, as ‘data controllers’, failed to disclose to donors but that they would be subject to wealth screening, and that their data would be passed onto a third party (i.e. a company that performs a wealth screening).

“The millions of people who give their time and money to benefit good causes will be saddened to learn that their generosity wasn’t enough. And they will be upset to discover that charities abused their trust to target them for even more money,” added Denham.

In order to ensure that charities maintain a diligent approach to their data protection obligations, the Fundraising Regulator recently published new guidance, called ‘Personal Information & Fundraising: Consent, Purpose and Transparency’. Later in March, the ICO plans to publish its own guidance at the Privacy Officers Conference.  

Many of these data protection issues in the charity sector have been investigated after intense media scrutiny of fundraising practices. However, these revelations could very easily be just the tip of the iceberg for all industries that handle personal data.

With the General Data Protection Regulation coming into force is a little over 400 days’ time, there is even more incentive to assess the way you collect and use data, and a clear need to assess data quality and compliance. Not just to ensure that your organization is obtaining consent and ensuring the safety of personal data; but to restore the trust and respect that has been severely eroded by seemingly unsavoury marketing techniques.