ICO Fines 11 Charities for Privacy Lapses
Data protection watchdog the Information Commissioner’s Office (ICO) has fined 11 charities after a two-year investigation into illegal practices.
The offending charities are: Cancer Research UK; Battersea Dogs’ and Cats’ Home; Cancer Support UK; Great Ormond Street Hospital; Macmillan Cancer Support; Oxfam; The Guide Dogs for the Blind Association; The International Fund for Animal Welfare; NSPCC; The Royal British Legion and WWF-UK.
Some of the charities hired firms to investigate donors’ incomes, lifestyles, property values and other personal information in order to profile them by wealth, as well as by which were most likely to leave money in their wills.
Others hired third parties to find out missing data such as new telephone numbers and mail addresses.
Another common practice uncovered by the ICO was to share information with other charities via third parties to get details of prospective donors.
Some of these practices have been ongoing since 2003, although most were instituted five or six years ago.
The top fine of £18,000 was levied against The International Fund for Animal Welfare, which is said to have shared info with other charities, ranked donors by wealth and illegally obtained new information on donors.
Next came Cancer Research UK and Cancer Support UK (both £16,000), followed by The Guide Dogs for the Blind Association (£15,000), Macmillan Cancer Support (£14,000), the NSPCC and the Royal British Legion (both £12,000).
The action comes a few months after the ICO fined the RSPCA and British Heart Foundation £25,000 and £18,000 after it found they had secretly screened millions of donors to target them for money, used personal info obtained from other sources to target new and lapsed members and traded personal details with other charities.
At the time, information commissioner, Elizabeth Denham, claimed she had exercised discretion in not fining the charities more. The ICO confirmed to Infosecurity Magazine today that the same discretion had been applied in the 11 new cases.
The investigations, which took place between 2015 and 2017, were precipitated by media reports about widespread malpractice in the charity sector.
Source: Information Security Magazine