The Information Commissioner’s Office (ICO) recently revealed large fines for two national charities for breaching the Data Protection Act. It investigated the RSPCA and the British Heart Foundation. The investigation explains that the two charities were secretly screening millions of their donors so they could target them for more money. This practice breaches the Data Protection Act as the personal data wasn’t held in accordance with the legislation.
The charities were also known to trace and target new or lapsed donors by using personal information from other sources. Furthermore, they traded personal data with other charities in order to create a pool of donor data which was available for sale. This was clearly a breach of the legislation, as the donors weren’t informed and so could not give their consent or object.
Media reports about the pressures on donors to contribute sparked the ICO into investigating different charities. The Information Commissioner fined the RSPCA £25,000 and the British Heart Foundation £18,000.
The ICO can investigate and take action against any organisation or individual that collects and keeps personal data. All processing of data must comply with the eight principles of the Data Protection Act; otherwise it could result in a penalty of up to £500,000.
The Data Protection Act sets out eight principles to make sure that personal data is:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with an individual’s rights
- secure and
- not transferred to other countries without adequate protection
For more information: ICO news