The charities also traced and targeted new or lapsed donors by piecing together personal information which was obtained from other sources.
In addition, they traded data with other charities to create a pool of donor data which was available for sale. As the donors were not informed of these practices, they could not give their consent or object.
The investigation was one of a number by the ICO into the fundraising activities of charities sparked by media reports about pressure on donors to contribute.
The Information Commissioner fined the charities £25,000 and £18,000 for the data protection breaches.
How can organisations ensure they are in compliance?
The ICO can take action, including penalties of up to £500,000, against organisations and individuals that collect, use and keep personal data.
Anyone who processes personal information must comply with the eight principles of the Data Protection Act which make sure personal data is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with an individual’s rights
- Secure and
- Not transferred to other countries without adequate protection.
Charity accountants
Visit our charity accountants section to find out more about our accountancy services for charities and not for organisations, or contact us to discuss yor requirements.
Award-winning chartered accountants offering tax, audit and advisory services.