Top universities branded dunces over data abuse claims

duncesThe UK’s top universities, including Oxford, Cambridge, King’s College and the London School of Economics, have been branded “data protection dunces” following claims that, despite previous warnings, many are abusing the personal data of alumni in their fundraising activities.
The Information Commissioner’s Office has vowed to examine evidence which, it is claimed, shows Russell Group universities sent former students’ personal information to firms for wealth screening without consent, before approaching them for donations.
The ICO said it would assess whether any rules had been broken and if institutions had failed to tell people their personal information would be shared.
The danger of using wealth screening without permission was first exposed in December last year, when the ICO ruled that the NSPCC and British Heart Foundation operations were illegal.
The move sparked accusations that Commissioner Elizabeth Denham was cosying up to the Daily Mail because wealth screening was an established and legitimate practice. However, the regulator was quick to dismiss this argument, insisting that the practice was not illegal per se, it was charities’ failure to gain the right consent that was the issue.
The RSPCA and the BHF were handed fines of £25,000 and £18,000 respectively, but Denham claimed they were facing penalties of £250,000 and £180,000. She said the reductions had been made partly because it was the first time charities had been fined under the Data Protection Act and warned organisations could not expect such leniency in the future.
Responding to the latest claims, which were also published in the Daily Mail, Denham said: “Personal data belongs to the individual and that means they have the right to make choices about how it is used. The law requires organisations to tell people what it’s going to be used for and who it’s going to be shared with – and that’s what people expect.
“We have been working with the Fundraising Regulator and talking to universities about their responsibilities around transparency and accountability as they prepare to comply with a new stronger data protection law coming into force in May next year.”
Tricia King, the vice president of the Council for Advancement and Support of Education, which helps colleges on fundraising best practice, said UK universities raised more than £1bn last year to support education and research. She said that, in her experience, universities “take the privacy of their alumni and other philanthropists very seriously”.
She told the Guardian: “This money supports many things including support for students from disadvantaged backgrounds to crucial life-changing research. As an important part of the university community, it is very clear that many alumni are proud to support the work of their former institution and want to be contacted.”
A spokesman for the Russell Group also insisted the organisation had done nothing wrong: “All Russell Group universities in England and Wales are registered with the Fundraising Regulator and when there are changes in guidance on best practice they will follow these closely. Our members are hugely grateful for the ongoing commitment to higher education shown by so many Russell Group alumni and take their privacy very seriously.”
However, one industry insider said: “If these allegations prove correct, the Russell Group only have themselves to blame. The ICO has been clear that it will not tolerate such practices. Rather than housing the finest minds in the world it seems they are nothing short of data protection dunces.”