The Information Commissioner Elizabeth Denham has said that her office was not aware about the practice of charities wealth screening up until the media complaints in the summer of 2015.
Speaking at the Fundraising and Regulatory Compliance Conference in Manchester yesterday, Denham admitted that the ICO had been completely caught off guard by the fact that charities had been wealth screening prospective donors on an industrial scale.
“There had been some extreme cases [of wealth screening] reported in the media, and my office had not taken action in the past. The fact is that we didn’t know about wealth screening and we can’t know about all the practices across all sectors. We have a very wide remit.”
In its findings against both the British Heart Foundation and the RSPCA, the ICO said they had taken action against the charities because the kinds of wealth screening (amongst other things) the charities were doing fell “outside what individuals would reasonably expect” their data to be used for after they had donated.
Practice was 'invisible'
In response to a question from the floor as to what evidence the ICO used to come to this conclusion, Denham said that the practice was “invisible” to individuals and was therefore in breach of the Data Protection Act.
“Commercial companies and social media companies in their terms and conditions, even if it is written in legalese, will spell out what is happening with a person’s information. So in terms of wealth screening what we’re saying is, it’s invisible to individuals and in order for it to be lawful you need to inform individuals as to how you’re using their personal information.
“It’s not something we plucked out of the air, so much as we understood in talking to individuals that it wasn’t reasonably expected”.
She also said that the ICO had received complaints regarding wealth screening and had had various “responses” from audiences when it had discussed the topic in public forums since 2015.
“We’ve had complaints to the ICO and responses from individuals when we’ve discussed wealth screening. Have I done a focus group with fundraising supporters? No, I haven’t. But we have heard this in spades from many organisations and individuals, as well as from complainants”.
Denham said this despite the fact that both penalty notices to the BHF and RSPCA alluded to that those individuals caught up in the organisation’s wealth screening operations didn’t know it was happening and, as a result, couldn’t have complained to the ICO themselves.
‘The Data Protection Act does not stop you from doing your jobs’, says ICO
In her speech, the Information Commissioner said that, in her conversations with other regulators in the sector, she appreciated that it “feels like a tough time to be a fundraiser”, but said that the Data Protection Act was not designed to stop them doing their jobs.
“This feels like a tough time to be a fundraiser. I’ve spoken to my fellow regulators, to government and to individual charities themselves – I understand this is a time of confusion and flux and, in some cases, frustration.
“But what I’m here to tell you is that the Data Protection Act does not stop you from doing your jobs.”
Denham said that the act simply “obliges you to do it in such a way that respects the fundamental privacy rights of each and every one of your donors, your supporters, and your volunteers”.
She said that the ICO was not “the department of no” but she said that it wouldn’t tell fundraisers how to “get around the Act” nor would she “tell you how to design a form with a tick box that lets you off the data protection hook”.
She also reiterated said that she would be making her “final decision on sanctions” for the 11 charities named in the latest set of notices of intent to fine “in the coming weeks”. She reiterated however that, once that process was complete, the ICO wanted to “draw a line under these investigations and move forward”.
A full transcription of Denham’s speech from the conference can be read here.