The Information Commissioner's Office (ICO) has fined 11 charities a total of £138,000 following an investigation between 2015 and 2017 that found that they routinely broke privacy rules and engaged in nuisance phone calls.
In some cases, the charities were accused of using private information to target elderly and vulnerable people for donations, often based on information that wasn't freely given. Some used wealth-screening companies to better identify wealthy, especially elderly, potential donors and to target them for donations - especially for bequests in their wills.
And most of the charities shared this information among themselves.
Some of the best-known charities fined for such activities included Battersea Dogs' and Cats' Home, Cancer Research UK, Oxfam and Great Ormond Street Hospital Children's Charity.
Battersea Dogs' and Cats' Home was fined £9,000 for finding information about potential donors that the donors themselves had not provided, in order to target them for donations. Between 2011 and 2015, Battersea Dogs' and Cats' Home used this approach to try to find out information more than 740,000 times.
Cancer Research UK was fined £16,000 for ranking potential donors based on their wealth. It screened 3.5 million supporters in this way between 2010 and 2016, and made more than 675,000 phone calls to solicit donations based on this data.
Oxfam, meanwhile, was fined £6,000 for finding, and storing in a database, information about people that those people had not provided, in order to target them for donations - a transgression of data protection and privacy laws that it carried out for more than a decade.
And Great Ormond Street Hospital Children's Charity built a database of potential donors based on information they did not provide, sent 795,000 records every month to a wealth screening company and routinely shared personal data with other charities. For this, it was fined just £11,000.
The other charities were fined as follows:
- The International Fund for Animal Welfare, fined £18,000;
- Cancer Support UK, £16,000;
- Guide Dogs for the Blind, £15,000;
- Macmillan Cancer Support, £14,000;
- The Royal British Legion, £12,000;
- National Society for the Prevention of Cruelty to Children, £12,000; and,
- WWF-UK, £9,000.
The fines follow on from big fines levied against the RSPCA and British Heart Foundation in December last year as a result of the same investigation.
The charities have arguably been let off lightly. Under the EU's General Data Protection Regulation, which will fully come into force in May next year, the charities could be fined up to four per cent of turnover.
Instead, they have been fined relatively trivial sums compared to their turnovers - the ICO could have fined them as much as £400,000 - and no staff appear to have been disciplined either.