Cause of the fine
The information commissioners office (ICO) is an independent UK authority. They work to protect the privacy rights of individuals. Between 2015-17 they oversaw an investigation into charities fundraising activities. In total, 13 major charitable organisations faced fines of £180,000 collectively. Charities breached donor privacy in the following ways to secure further donations.
What did the charities do?
Ranking based on your wealth
Behind closed doors, these charities would rank donors based on their wealth and the likelihood of them leaving wills behind.
Finding information about you, that you didn’t provide
Some charities would hire companies to track down additional information out of data the donor provided.
Sharing your data with other charities, with no record-keeping
Data sharing is a common practice among charities. The charities involved didn’t regulate this leading to unwanted marketing.
The New Law
Data breaches are currently under the data protection act. However, the introduction of GDPR will lead to increased scrutiny and heavier fines.
GDPR, or the General Data Protection Regulations, will come in to force in the UK on 25 May 2018, the aim is to strengthen the rights of citizens regarding how data is held, used, and collected.
How to stay compliant
You should now understand the importance of individual privacy. Charities should look into how they handle their data as time is fast approaching the start date of GDPR.
Anyone who you have data on will have the right to request how their data is stored and used.
How do you handle your donors physical and digital information?
If you aren’t sure of your current practice, consider a shredding service.
At Direct365, we handle both on site or off site shredding; stored in a secure console. A shredding console safeguards information that needs destroying. Once the documents are safe in the console, only a trusted document disposal expert can carry out the permanent destruction.
To find out more about our shredding service click here
Back