Charities must ensure that data is handled correctly, says Bethan Walsh
- Charities must recognise the serious repercussions of mishandling customer data.
Following the recent fines issued to British Heart Foundation (BHF) and the RSPCA (£25,000 and £18,000 respectively) at the end of 2016, the Information Commissioner’s Office (ICO) has now notified a further 11 charities that it intends to fine them for breaching the Data Protection Act 1998 (DPA 1998). The charities were investigated by the ICO as part of a wider operation following media reports about significant pressure placed on supporters to contribute to charities.
BHF and RSPCA fell foul of the DPA 1998 in relation to:
- data sharing through a donor data swapping scheme called Reciprocate;
- wealth screening; and
- data-matching (telephone matching).
These practices were found to be in breach of the first principle of DPA 1998, which states that any personal data must be processed fairly and lawfully. The ICO’s decision was mainly based on the fact that BHF and the RSPCA had not sufficiently informed their supporters that their
.tmb-mov69x69.jpg?sfvrsn=3d1684d4_1)
