Buying donor lists has long been a popular way for charities to gain access to prospective supporters for their direct-mail campaigns. Adrian Williams, managing director of the list broker DM Focus, estimates that almost two-thirds of charities that fundraise via direct mail buy lists of potential donors, about 10 per cent exchange their donor lists with other charities and about 3 per cent sell or rent these lists to third parties.
Charities find buying donor lists an effective way of securing new and committed givers. They particularly like obtaining donor lists from other charities – whether these are rented or exchanged for details of some of their own supporters – because it allows them to target people who are already open to giving to charity.
However, the way charities usually secure these lists, through brokers who obtain people's details from third parties, including banks and mail-order companies, and the fact that some of them pass the lists on to other organisations, which might in turn sell them on multiple times, has attracted strong criticism from the media since the death of Olive Cooke in May.
Such criticism has had its own effect. In September, the Information Commissioner's Office launched an investigation into allegations in the Daily Mail newspaper that data-sharing among charities had led to a man with dementia being tricked out of £35,000 by unscrupulous companies.
Some charities have reacted by changing or carrying out reviews of their practices. While the few charities that sell donor lists appear to be phasing out this practice – the deafness charity Action on Hearing Loss – decided to stop renting data in May, for example – most of the charities that buy them, including the cancer charity Breast Cancer Now, plan to continue doing so. How do they avoid being the subject of the next Daily Mail scandal?
Elaine Fletcher, a data-protection specialist at the law firm DWF, says that charities that buy lists should aim to work with list brokers who are members of the Direct Marketing Association and should ask to see samples of the consent given by people to share their details. They should also ask if the lists have been checked against the Mailing Preference Service and the Telephone Preference Service, she says, and refrain from using them until this has taken place.
Vicki Bowles, a senior charity and social enterprise associate at the law firm Stone King, says charities that want to protect their reputations ought to follow the Institute of Fundraising's new guidance on data-sharing, announced in September, and share the details only of those people who have signed a prominently located opt-in box. But she warns that this will have a knock-on effect, because the reduced number of contacts will lower the quality of the data charities get. She also says that it will do little to protect vulnerable people, because they might end up ticking opt-in boxes without realising their significance.
According to Bowles, the ICO's investigation of data-sharing will want to establish whether the charities involved, such as the PDSA, have sufficient evidence that the people whose details they traded had given their consent.
If the ICO finds the charities to be at fault, she says, it is likely to make an example of them because of the public interest in the subject, although they will probably be fined only if the regulator deems them guilty of deliberate non-compliance with the law. She says the best thing that charities can do to prepare themselves for such an investigation is ensure that they can demonstrate a strong overall understanding of data-protection issues and that they have consulted the ICO's guidance on data-sharing, available on its website.
"There's no room for error with the ICO," she says. "If a charity claims it didn't understand data-protection legislation, it won't wash."