The British Heart Foundation and the RSPCA have been fined recently for using tele-matching practices and wealth screening.
The Fundraising Regulator and the Charity Commission have instructed other charities not to use these practices or they too could face a hefty fine.
The RSPCA were fined £25,000, and the BHF £18,000 for carrying out tele-matching, which involved external companies tracking down additional information using donor data, and wealth screening which involved wealth management companies analysing the financial situation of charity supporters.
The Charity Commission and the Fundraising Regulator asked that charities ‘immediately cease any activity without explicit consent described and set out by the Information Commissioner’s Office’.
Charities were instructed to review and assess their data collection, and storage and use activities, in order to make sure that their data governance systems were fit for purpose. They were also told to ensure that their fair processing statements were clear, explicit, highly visible, and transparent.
Chief Operating Officer and Registrar at the Charity Commission, David Holdsworth, commented by saying: "Charities must learn the lessons from this week and do so quickly. Practices that some charities consider ‘common practice’ are in breach of the data protection requirements and should be ceased immediately. Charities are subject to the same legal requirements as all other organisations and must properly safeguard personal information according to the law."
Mr Holdsworth warned that charities who breached data protection laws were at risk of creating a negative public opinion about charity fundraising.
If breaches did occur charities were told that they should establish if they were required to inform the Information Commissioner’s Office and, if so, that they should inform the commission using serious incident reporting. They should also consider whether donors had a right to be informed.