The Charity Commission has opened compliance cases into the 11 charities who have been fined today for data protection breaches by the Information Commissioner’s Office.
The 11 charities were fined earlier today by the ICO for numerous breaches in data protection law, including the use of wealth screening and tele-appending of personal data.
In a statement, the Commission said that the compliance cases will look at whether the trustees of each charity “have acted in accordance with their duties under charity law”.
Under its recently issued CC20 guidance, the charity watchdog said that trustees of fundraising charities need to “understand and comply with the relevant data protections laws and requirements”, which the ICO has found each of these charities were in breach of.
A spokesman for the Charity Commission said that given the “serious nature of the breaches discovered by another regulator”, the commission was right to open compliance cases into the 11 charities.
He said that the Charity Commission had also opened compliance cases into both the RSPCA and BHF, after both charities were issued with fines by the ICO in December 2016.
The commission said it “has met with all 11 charities who acted properly in reporting the ICO investigations and notice of financial penalties” and said all are cooperating with the regulator on its compliance cases.
‘Charities must learn the lessons from these breaches’
David Holdsworth, chief operating officer at the Charity Commission, said the charitable sector as a whole must learn from these further ICO fines and breaches of data protection law.
Holdsworth said: “It is regrettable that further charities have been found in contravention of data protection requirements in this way. Charities must learn the lessons from these fines and breaches.
In Fundraising Magazine
“The generous British public expect charities to safeguard their data and raise funds responsibly, and in return they donate in their millions. Sadly in these cases charities have not kept their side of the bargain.
“We are working with the charities concerned, the Information Commissioner and the Fundraising Regulator to ensure that any necessary remedial action is taken.”
“The charities were investigated by the ICO as part of a wider operation into data protection practices. There are no other outstanding investigations into charities as part of that operation.
The Charity Commission continues to work with the ICO and the Fundraising Regulator to ensure the wider lessons from these cases are shared, and charities are meeting their responsibilities to protect donors’ personal data.”