
Charities and Data Protection Law


 

The Information Commissioner’s Office (ICO) has been cracking down on charities and their compliance with the Data Protection Act (1998) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). In April 2017, 11 well-known charities were fined for breaching data protection law. These included Oxfam, Cancer Research UK and Great Ormond Street Hospital Children’s Charity.

Cancer Research UK

Cancer Research UK was fined £16,000 in April 2017 for ranking donors based on wealth, and finding out information about donors which they did not provide.

The ICO report stated that, as individuals were not aware their details were being used to rank them based on wealth, they could not object to the practice.

The ICO also noted that the charity was matching individual donors with their telephone numbers (where they had not been provided by the donors). The ICO states that individuals should have the right to choose what information they provide to a charity.

Great Ormond Street Hospital Children’s Charity

Great Ormond Street Hospital Children’s Charity was fined £11,000 by the ICO in April 2017. It made the same two mistakes as Cancer Research UK.

It also shared information about individual donors with other organisations, no matter what their cause. The ICO suggests that charities should be specific about sharing information. A charity should specify the names of the charities with which information will be shared, or at least give a category of organisation. The ICO was concerned that information shared too broadly could lead to nuisance calls or excessive marketing targeted at individuals by many different types of organisations.

What can your charity do to ensure compliance with data protection laws?

Audit how you use information and how you receive it. Check your privacy notice/statement is appropriate and that individuals are clearly informed about how you are going to use their data, and their right to object to that. If you are planning to pass individuals’ data on to other organisations or charities, we would recommend opt-in boxes being used. You need to ensure consent is clearly given, and that you name the organisation you will pass information on to and specify the reason for that – e.g. for marketing purposes. Review the ICO guidance on direct marketing if you undertake it.

Ensure your staff are fully trained about data protection requirements and update that training regularly. Also ensure that information is stored securely, on encrypted devices using strong passwords. You should also only store information for as long as is necessary.

 

Please note that further legal requirements for data protection are due to come into effect in May 2018 under the General Data Protection Regulation.

 

For further advice or assistance on data protection requirements, please contact Louise Adams on 01905 723561 or email her at louise.adams@smesolicitors.co.uk

 

 

Added: 30 Jun 2017 11:41

