The Fundraising Regulator will tomorrow launch new guidance on how charities should manage their data. Gerald Oppenheim explains why.
Charities and their data have had a slightly fraught relationship of late, with the Information Commissioner’s Officer issuing 2 monetary penalty notices and 11 further notices of intent, all concerning how charities are managing their data.
This is important. Charities are in a highly privileged position when it comes to data. Most businesses would envy charity databases and the detailed, extensive information they hold. This creates opportunities, but also threats.
While charities are privileged to have all of this data, they also have a clear responsibility. Public trust in the sector is now rebuilding after the problems that came to light in 2015, however we all know how easily it can collapse and the Fundraising Regulator is continuing to receive a considerable number of complaints from members of the public.
A few stories about charities abusing their donors’ data could be fatal and undermine all the good work that is being done now to put things right. We have seen how important privacy and consent is to donors and members of the public, making the issue of data particularly pressing.
Tomorrow, the Fundraising Regulator will be playing a prominent role at the Fundraising and Regulatory Compliance Conference. The conference has been organised by the ICO, the Charity Commission for England and Wales and the Fundraising Regulator. Along with speaking and hosting a workshop, we will be launching a set of guidelines for charities on how they can best manage their data.
The guidance has been drafted with the consultancy Protecture and has been reviewed by the ICO. It also takes into account the report by the National Council for Voluntary Organisations published in September 2015 which recommends important best practice changes to fundraising practice and the consent of individuals.
Largely, the guidelines we publish on Tuesday boil down to two key principles: be clear and be ethical. Charities need to make it obvious when they are collecting data, have an internal understanding of why they are doing so and act ethically when direct marketing. This is especially the case for charities who choose to engage outside agencies to assist fundraising.
Data guidelines cannot simply be a case of ‘yes or no’ answers – it is too nuanced to be treated as black or white. And, ultimately, if a charity is still uncertain then we would advise that they stop what they are doing and consult with the Fundraising Regulator.
Right now, we are part of a broader context. The issue of data privacy is not going anywhere – it is a pressing issue across all areas of public life, from government to social media. We cannot expect the sector to avoid scrutiny. Charities have already been caught out, however we have an opportunity to stop the issue becoming widespread. Action now can save a lot of hassle in the future. Charities have a great opportunity to get their consents right before the European General data protection Regulation passes into UK law on 25 May 2018.
For those who want to know more about what they can do, my speech and all the presentations at the Fundraising and Regulatory Compliance Conference will be live streamed by the ICO.
Gerald Oppenheim is head of policy at the Fundraising Regulator.