The Information Commissioner's Office (ICO) has issued monetary penalties to both the RSPCA and the British Heart Foundation for contraventions of the Data Protection Act.
Both charities were found to be carrying out the practise of “wealth screening”, where the charities employed wealth management companies to analyse the financial status of supporters to estimate how much money they could be persuaded to give.
The charities were also data sharing, without giving donors enough information to opt out, and were data and tele-matching to fill in the gaps where they acquired information on someone who then chose not to donate.
Following on from this, the government's Charity Commission has then announced that it has two compliance cases open which are investigating both charities.
The charity regulator is assessing whether the trustees of each charity acted in accordance with their duties under charity law. The Commission's guidance to trustees on fundraising makes it clear that trustees need to understand and comply with the relevant data protection laws and requirements.
In its statement, the CC said: “The two charities acted properly in reporting the ICO investigations and notice of financial penalties to the Commission and the trustees are cooperating fully with the Commission. Both charities have now given us assurances that they have ceased these practices.”
And added: “We are working with the charities concerned, the Information Commissioner and the new Fundraising Regulator, to ensure that any necessary remedial action is taken. The wider lessons for charities about their responsibility to protect donors' personal data must be shared and acted on.”
The Charity Commission has a role in fundraising regulation where there is evidence that trustee actions or failings, in fulfilling their duties towards their charity, pose a serious risk to the charity, to charitable funds, or to public trust and confidence.
Sarah Atkinson, director of policy & communications at the Charity Commission, said: The fact that charities have been found in contravention of data protection requirements in this way is very serious and highly regrettable. Charities rely on public generosity to carry out their important work. In return the public trust charities to raise money in a considerate and responsible way and to use it effectively. The law requires, and the public expects, this will include safeguarding donors' personal data.
The Commission is aware that the ICO is investigating a number of other charities which may have similarly contravened the Data Protection Act, and may issue further monetary penalties. The Commission will engage with these charities and in each case seek to establish whether the trustees have acted in accordance with their legal duties.