Eleven UK charities have been warned to expect fines for breaches of the Data Protection Act, as the investigations into the sector’s shoddy data practices draw to a close.
The Information Commissioner’s Office has given the charities 28 days to respond to its findings and says it will consider representations from each charity before making a final decision about enforcement action.
Until then, the ICO says it will not be naming names. However, a raft of charities were named and shamed when the regulator launched its two probes in 2015 following claims of aggressive fundraising practices made in the national press.
Operation Cinnabar investigated the abuse of the Telephone Preference Service, while Operation Linden looked into data sharing.
Macmillan Cancer Support, the NSPCC, Oxfam, the British Red Cross, and Age International were included in Operation Cinnabar but the British Red Cross and Age International signed ICO agreements to avoid further action.
PDSA, the RSPCA, the Diabetes Research & Wellness Foundation and the Cancer Recovery Foundation were fingered in Operation Linden.
In December, the ICO slapped nominal fines on the RSPCA and the British Heart Foundation after ruling both had shared hundreds of thousands of donor records through Response One’s data pool Reciprocate without gaining adequate permission.
The ICO said there were no other outstanding investigations into charities as part of that operation.
Late last week the ICO confirmed it is investigating 24 companies as part of its inquiries into charity sector marketing; however, it is not known whether the 11 charities are included in that 24.
Only RSPCA and Age International have claimed they are not among the charities mentioned in the notice. The NSPCC declined to comment.
In a statement, the Institute of Fundraising chief executive Peter Lewis said: “A cloud has been hanging over the sector for too long about these investigations and so it is welcome the ICO has today drawn a line under the speculation about the number of charities affected.”
In an effort to move on from the issue, the ICO has joined forces with the Charity Commission and the Fundraising Regulator for a free conference aimed at helping charities and other fundraising groups comply with the law.
The Fundraising and Regulatory Compliance Conference will be held at Manchester Town Hall on February 21 and will set out the regulatory requirements and expectations for fundraising bodies and their boards under current and forthcoming data protection legislation.
24 firms under investigation for charity data failings
ICO donor data abuse inquiry probes Response One
Charities guilty of using Response One file illegally
‘Money grabbing’ charities flayed over brutal agency
Charities await fate in ICO data abuse investigations
Age International signs opt-in data pledge with ICO
ICO clears British Red Cross over illegal marketing
Action for Children takes £100k hit from bust agency
‘Aggressive’ charity agency goes into liquidation
Charities hit by new claims of aggressive fundraising
Oxfam and agencies savaged by charity watchdog