The British Heart Foundation Charity secretly screened thousands of their donors to target the most generous ones for further donations. As a result of their behaviour, they have been given a monetary fine by the Information Commissioner’s Office (ICO).
Although the first thing that springs to mind is the fact that we’re talking about a charity here, we must always remember that no one is above the law – a fact that the ICO had to recognise when investigating their behaviour.
The well-known charity was reported to have used external wealth management companies to analyse the personal information they had about their donors. The ICO reported that 1,047,544 pieces of personal information were shared, belonging to 552,092 individuals. They did this to find out who were the most likely to give again, and give the most amount.
British Heart Foundation shared personal information such as the donors’:
- Full names;
- Addresses;
- Unique reference number;
- Last donation date;
- Last donation amount;
- Gift aid status;
- Donation type: whether the donor donated through a charity raffle, if they were regular donors etc.
In passing along this information, the British Heart Foundation was found to have breached their legal duties under Data Protection laws. Any company or organisation must follow the legal principles of the Data Protection Act. The ICO primarily found the British Heart Foundation to have breached their legal duty to process the information they have in a fair and lawful way. The charity also had a legal obligation to make sure the way they use this information is a specified and lawful one.
The way British Heart Foundation shared their donors’ information was not a lawful one. Donors had no idea this was happening and therefore couldn’t even consent if they wanted to. British Heart Foundation’s actions led to many donor’s receiving an increase in direct marketing communications. For this, the ICO said the British Heart Foundation caused ‘substantial damage‘ and ‘distress‘.
Donors had no way of opting out of these communications and could have been receiving numerous phone calls per day, asking for donations. This is hardly the behaviour you would want after having donated your own money to a good cause…
The ICO recognised that British Heart Foundation is a charity operating in the public’s interest and took this into consideration when calculating how much of a penalty fine to give. Other mitigating circumstances included the British Heart Foundation’s immediate co-operation with the investigations and that they have since stopped the illegal actions. However, because British Heart Foundation did this for financial gain and for several years, charity or not, the ICO had to give a penalty fine for its actions in breaching thousands of people’s fundamental rights. An £18,000 fine was given.
This penalty could be seen as harsh, especially when considering the British Heart Foundation is a charity and charities only hold money for those in need of it. However, it shows the ICO is determined not to stray from the objective of protecting the nation’s personal information.
Hopefully other charities will take note and use their information on donors sensibly to protect their donors.