There are fears the firms which supplied charities with wealth screening and data matching services will be forced to cough up tens of thousands of pounds in fines after the Information Commissioner’s Office decided to only dish out “discretionary” penalties to the likes of Cancer Research UK, NSPCC, Oxfam, and the Royal British Legion for abusing data laws.
While Commissioner Elizabeth Denham insists these fines “draw a line” under the investigation into charities, in January the ICO confirmed that 24 data companies were also being investigated as part of its inquiry into charity marketing.
In December, the ICO slashed fines for the RSPCA and BHF from £240,000 and £180,000 to £24,000 and £18,000 respectively. If the same formula was used for the latest penalties, the fines against the 11 should have totalled £1.38m rather than £138,000. Data firms are unlikely to get the same treatment.
The fines are steeped in controversy, as some in the sector claim charities have done little wrong; they point to the fact that no commercial business has ever been investigated for such actions.
In response, the ICO has maintained that charities did not have the right permission to carry out wealth screening and data sharing. St Ives-owned data firm Response One – which scrapped its Reciprocate data pool last summer – is one of the businesses under investigation.
The penalties were not unexpected; the ICO flagged up its intention to punish the charities in January. Under the ruling, the International Fund for Animal Welfare was fined the most, £18,000, followed by Cancer Support UK (formerly Cancer Recovery Foundation UK) on £16,000. Then came Cancer Research UK (£16,000), the Guide Dogs for the Blind Association, £15,000, Macmillan Cancer Support £14,000, the Royal British Legion £12,000, NSPCC £12,000, Great Ormond Street Hospital Children’s Charity £11,000, WWF UK £9,000 Battersea Dogs’ and Cats’ Home £9,000, and finally Oxfam £6,000.
Denham claims to have exercised her discretion in significantly reducing the level of the fines, taking into account the risk of adding to any distress caused to donors by the charities’ actions.
She said: “Millions of people will have been affected by these charities’ contravention of the law. They will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations.
“No charity wants to alienate their donors. And we acknowledge the role charities play in the fabric of British society. But charities must follow the law.”
The charities were investigated by the ICO as part of a wider operation sparked by reports in the media about repeated and significant pressure on supporters to contribute. There are no other outstanding investigations into charities as part of that operation.
Denham added: “These fines draw a line under what has been a complex investigation into the way some charities have handled personal information. While we will continue to educate and support charities, we have been clear that what we now want, and expect, is for charities to follow the law.”
It is not the end of the matter just yet, however; the Charity Commission has launched its own investigation into the 11 organisations to find out whether the trustees of each charity “have acted in accordance with their duties under charity law”.
Charity chief blasts ‘ridiculous’ wealth screening ruling
ICO data abuse probe to trigger fines for 11 charities
24 firms under investigation for charity data failings
BHF and RSPCA were facing fines of £430,000 says ICO
Privacy chief tells charities ‘stop whingeing and change’
Charity clampdown threat to UK data services industry
Privacy chief accused of sucking up to the Daily Mail
To get full access to the site please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!