News & Insight
21st February 2017
Charities and Data Protection: Five Key Questions Answered at the ICO Conference
A few hours ago the Fundraising and Regulatory Compliance Conference came to a close. The conference was organised by the Information Commissioner’s Office, the Fundraising Regulator, and the Charity Commissioner. The conference follows on from a series of ICO investigations into the fundraising practices of some charities.
The conference focused on:
- Improving data compliance and transparency
- Fair processing requirements and how they apply to fundraising activities
- The role of trustees in regulating and guiding their charities on this issue
There is huge appetite for advice and reassurance so it was welcome news that the Fundraising Regulator has published guidance and best practices case studies along with the news ICO guidance on consent is due out in two to three weeks.
Here are a few key questions that we think the conference answered:
What does it mean that donors provide ‘Explicit Consent’?
The ICO announced that its guidance on consent with be published in two to three weeks. An important point made at the conference was that silence is not consent. The ICO’s Direct Marketing Guidance advises that the safest way of demonstrating consent is by providing an unticked opt-in box for each specific form of marketing/fundraising that the charity wishes to use. This will allow individuals to give clear and explicit consent. Pre-ticked boxes will not do this.
Can we still complete major donor research?
While major donor research is not illegal, people should be aware of how their data is used. Best practice would be to clearly reference this in a privacy statement or notice. An example given by the ICO is that when researchers take information from social media without informing the donor, the donor cannot exercise any data protection rights.
Clarity on researching new prospective donors was more difficult to establish at the conference. The ICO say that if you have no interaction with them, you can’t ask them for consent, which leaves them unaware their data is being used. The ICO recommend that charities talk to prospects very early on to be as transparent as possible and give them a chance to know you are processing their data.
Can we still wealth screen the people on our database?
Yes; wealth screening is not illegal. However not allowing supporters to give you explicit consent for wealth screening is illegal. Elizabeth Denham, UK Information Commissioner said that individuals that make a donation are highly unlikely to expect to be wealth screened as a result of their charitable giving. You will need to inform donors of your plans to use a wealth screen in the future and that you will need their personal information to do so. Wealth screening does have to be explicitly stated and explained further if your supporters will not know what wealth screening is. So, if you intend to process personal information for wealth screening, it should be actively communicated to individuals alongside updating your privacy statement. The ICO recommend the easiest way of doing this would be to tell supporters at the point when you first collect their details.
How can I update contact details?
The ICO state donors wouldn’t reasonably expect you to contact them via a phone number or email address they didn’t provide, even if those details came from publicly available sources. If you want to update details, again it is not illegal, but you must let individuals know that you are doing this in a privacy notice with clauses about “who are you and what you are doing with their data.”
I am a trustee. Is data protection anything to do with me?
Data protection is something that trustees are responsible for. Trustees need to consider the issues and to reassure themselves that the approach to a fundraising campaign is ethical, and fully respects existing donors and new supporters. Trustees responsibilities’ are set out in the revised CC20, with more focus on the role of trustees in planning and supervising fundraising campaigns. In short, trustees need to know what is happening.
Philanthropy Company has a specialist team that can help charities with data policy, management, and compliance. Click here to find out more.