The Information Commissioner's Office has launched an investigation into children's charity EveryChild after a folder containing donors' bank details, which belonged to one of its face-to-face fundraisers, was found on a street in Norwich city centre.
Mike Smith, a campaigner who has lobbied for tighter controls on street fundraising, found the folder and sent copies of its contents to the ICO, which enforces the Data Protection Act. He told Third Sector it contained nine completed and partially completed direct debit forms.
A spokeswoman for the ICO said it received the complaint in November and had opened an investigation. She said the ICO could serve an enforcement notice on the charity asking it to ensure it complied with the Data Protection Act in future, and that it would be granted the power later this year to issue fines of up to £500,000 to organisations that breached the Data Protection Act.
An EveryChild spokeswoman said the ICO had not yet told the charity about the investigation. "Until we have seen the documents or been contacted by the ICO, we are unable to take further action," she said.
"EveryChild takes data protection very seriously and will investigate further if contacted by the ICO."
A spokesman for the Public Fundraising Regulatory Association, which regulates face-to-face fundraising, said the organisation's lawyers had written to Smith asking him to return the original documents to the charity.
"Despite the unfortunate alleged loss of these forms, giving to charity through a face-to-face fundraiser remains safe and secure," he said.