People who report data protection issues to the Information Commissioner's Office do not make a distinction between commercial organisations and charities, warns David Evans, group manager at the ICO.
Speaking at the launch of Charity Finance Group’s (CFG) data protection guide for charities he said that fundraisers sending out emails and text messages to supporters should “note that the people pushing that button (reporting a possible misuse of their data) on our website are not drawing distinctions about who has contacted them – they just see this as nuisance marketing”. But he added that as long as the organisation has a system for removing people who asked to be taken off contact lists, they would not get into trouble.
The other area of data protection that charities ought to be particularly aware of is data security, he said. However, despite two high profile fines of charities within the last year for data protection breaches Evans reassured charities that: “I can pretty much guarantee that we are not going to be issuing dozens of monetary penalties for charities.” And that as long as organisation had sought advice, and taken time to look at the risks and developed a policy, they should avoid penalties.
He added: “We do not expect charities to have spent as much on data protection as large companies but we do expect them to have done their homework.”
Last year the ICO announced that it would carry out free advisory visits for charities.
New guide for charities
CFG this morning published Protecting Data Protecting People a Guide for Charities on its website. It was developed with support from a steering group of members and the ICO and as well as tailoring advice to the sector includes a number of case studies.
Caron Bradshaw, chief executive of CFG said: “We recognise that as the law evolves in this area, the landscape is becoming increasingly complex. However, it’s crucial that charities get the basics right - for reputational, ethical and financial reasons.”
She added: “Data protection is sometimes seen as an issue just for big charities, but even the smallest are likely to hold personal data without necessarily fully understanding the legal framework. We hope that this practical guide will finally provide charities with a clear outlook on their responsibilities and on how to approach this complex issue.”
