The Information Commissioner’s published accounts for the last financial year show it held 17 compliance meetings with 15 other charities and two fundraising agencies over data protection issues, separate to the 13 fines it issued.
According to its most recent set of published accounts, the ICO said it held “17 compliance meetings with other charities and two centres about their compliance" with the Data Protection Act and Privacy and Electronic Communications Regulations (PECR). This is separate to its other investigations into charity fundraising that led to 13 charities being issued with fines totalling £181,000 for data protection breaches.
The accounts said that the ICO also “issued advice letters to six charities; and monitored three charities with their compliance being assessed over a three month period”.
The data protection watchdog fined both the RSPCA and the British Heart Foundation in early December 2016 for breaches of data protection law in their fundraising practices. It subsequently fined 11 charities, including Cancer Research UK, Macmillan and Oxfam, in early April 2017, also for breaches of data protection legislation, including swapping and screening of personal data.
The Charity Commission subsequently announced it had opened compliance cases into the charities fined, but the Fundraising Regulator announced this week that all regulatory work had been completed by those charities.
Denham ‘intends’ to provide report to parliament
The accounts also show that Elizabeth Denham, the Information Commissioner, apparently “intends to provide parliamentarians with a wider report” on her office’s interventions in the charity sector.
The report does not elaborate on when this report will be issued, or to whom.
Denham’s predecessor, Christopher Graham, was called to appear before the Public Administration and Constitutional Affairs Committee to give evidence on methods of fundraising in October 2015. He subsequently presented written evidence to the committee in January 2016.
Charities made up 4 per cent of total self-reported incidents
The report showed that charities made up 4 per cent of the total amount of self-reported data protection incidents.
In Fundraising Magazine
This figure puts charities on an equal par with both policing and criminal records and solicitors and barristers, below the education sector with 6 per cent, general business on 9 per cent, local government on 11 per cent and health on 41 per cent.
According to the ICO's accounts, it had an income from activities of £20.1m and total expenditure of over £25m in the financial year ending 31 March 2017.