The Information Commissioner’s Office yesterday fined 11 charities for breaches of the Data Protection Act in relation to data sharing, data matching and tele-appending. The ICO seems keen to move on, but the sector remains unable or unwilling to do so, says Hugh Radojev.
Yesterday’s fines will, hopefully, bring to a close what has been another dark chapter in the recent history of the charitable fundraising sector.
11 charities: including Cancer Research UK, Macmillan Cancer Support and Oxfam, were handed fines worth collectively £138,000 for historic breaches of data protection law in regards to data sharing and matching, as well as tele-appending of donor information, usually through the use of external third party wealth screening agencies.
The ICO seems keen to move on from all of this now, but the fundraising sector, bizarrely, seems unwilling or unable to do so.
Despite the lenient fines for charities (in some cases a 90 per cent discount), the responses of many of the charities involved were worrying. Troubling too are the deep connections between the people who authorised these industrial scale practices to take place, and the regulatory and membership bodies ostensibly put in place to stop them.
With the EU’s General Data Protection Legislation looming on the horizon, the sector needs to get a grip, and soon.
Charities got off lightly
The fines handed down by the ICO yesterday were, in reality, miniscule given the total incomes of the charities involved. The figures represent little more than a slap on the wrist and, yet, the responses from some of the organisations still complained of being “disappointed” in the ICO’s decision.
It makes you wonder whether the charities have really learned anything from the last two years. Robust and strident responses to half-baked Daily Mail hatchet jobs is one thing, but to have reacted so petulantly to the actions of the ICO, particularly when being caught dead to rights swapping and sharing data and profiling millions of donors without their consent, smacks of pig-headedness.
The ‘woe-is-me’ line from the fundraising sector has been constantly trotted out since the ICO’s first round of fines in December. The tabloids have been incredibly quiet on the issue over the last day or so and the sector should frankly be breathing a sigh of relief for that. It wouldn’t take much for a Daily Mail or Sun journalist to compare the size of the fines to the incomes of some of the charities involved to kick off another round of negative attack pieces. Not to mention the fire the ICO may come under.
Also, while these practices may well have been common practice at the time, they certainly weren't common knowledge to the donors and the public at large. This is what the ICO has been saying all along and yet some fundraisers refuse to accept it.
Fundraisers need to pick their battles and, when in the wrong, hold their hands up and apologise.
Conflicts of interest across the regulatory frameworks
After the media storms of 2015 and in the wake of the Etherington Review, the first thing organisations such as the Institute of Fundraising tried to do was make the case that, whatever the new system of fundraising regulation looked like, there needed to be a strong fundraising presence.
The argument that no regulatory body could possibly work for fundraising without fundraising expertise made sense at the time, but while the Fundraising Regulator in particular did try to appoint a number of members with experience on its various boards, it was never going to be enough for some in the sector.
The fact is that, the more fundraisers you bring into the regulatory system, the more vested interests there are. Although the Fundraising Regulator attempted to balance leadership in the sector with impartial voices, the truth is that vested interests will pervert the course of compliant regulation. That’s why the old system of self-regulation failed.
Yet, the findings from yesterday prove yet again that vested interests continue to harm the process. Two fundraising directors of charities fined yesterday currently sit on the board of the IoF, one as its chair.
This also hobbled the Fundraising Regulator’s first-ever adjudication into Neet Feet, when two members of its six-strong adjudication committee were forced to step back from the investigation due to conflicts of interest.
Fundraising is a relatively small and specialised sector in terms of staff and one where, more or less, everyone knows everybody else. Overlapping interests and relationships are to be expected and, yet, it still leaves a bad taste in the mouth from an outsiders’ perspective when the frameworks put in place to hold the sector to account are constantly hampered by them.
It comes back, as it always seems too, to trust.
No more retrospective action, hopefully
On a positive note, certain data protection experts I’ve spoken to seem to think that the yesterday’s fines represent the ICO moving back to its more default position on fundraising of “promoting good practice and giving people credit for trying hard”.
If charities can show that they are moving in the right direction and are ensuring they will be compliant with GDPR by 25 May 2018, then hopefully the ICO won’t need to fine any charities for data protection breaches in the future.
In Fundraising Magazine
That being said, the ICO have shown no intention of backing down on their positions regarding profiling and wealth screening, despite protestations from major donor fundraisers in particular that it’s a necessary part of best practice. Bones of contention around this issue, and on the ICO’s interpretation of what does and doesn’t constitute ‘legitimate interests’ when processing data may well be on the horizon.
The point is however, that if the charities think the sorts of fines we’ve seen under the old monetary penalty scheme in the Data Protection Act were bad, they’re going to be horrified by the prospect of an £18m fine under GDPR.
The time for fighting this is over, charities need to move forward and quickly. Otherwise they’re looking at much larger fines, the sort of fines that might even make a Cancer Research UK or Oxfam blink.
|
Related Articles