Elizabeth Denham, the Information Commissioner, has challenged the charity sector to stop clinging to the belief that her office has misinterpreted the law on fundraising data practices and instead commit to "positive change".
Speaking at an event today in Manchester organised by the Information Commissioner’s Office, the Charity Commission and the Fundraising Regulator, Denham sought to reassure delegates that she understood the value of fundraising, but said the sector needed to accept the ICO’s rulings on data protection.
She said the key issue with practices such as wealth screening or data-matching, the use of which led to combined fines of £42,000 being levied against the RSPCA and the British Heart Foundation in December, had been that donors were unaware it was happening.
And she responded to debate in the sector over whether the ICO was right to issue the fines in the first place.
"You can cling to the belief that we’ve got the law wrong or that it doesn’t apply to your sector or that the regulatory burden is too great," she said. "Or you can commit to positive change. Change that, in my view, is not only achievable but will reap its own rewards."
She said the ICO’s investigations of charity fundraising had uncovered "uncovered serious contraventions of the Data Protection Act" that "undermined the fundamental right to privacy of millions of donors".
The ICO announced three weeks ago it had notified 11 charities that it planned to fine them for data law breaches. Denham told the conference she would make the final decision on whether to go ahead with the fines in the coming weeks.
But she confirmed that the notices represented the end of the ICO’s investigations into charity fundraising.
"I want to draw a line under these investigations and move forward," she said.
"By now, charities and other fundraising organisations should be under no illusion that the activities we investigated – data-sharing, data and telematching, and wealth screening – breached data-protection rules."
Denham added that these practices broke the law because the way they were carried out could not be considered a "fair" use of the data, and many of them never could be.
"It’s hard to imagine, for example, a circumstance where searching out phone numbers or addresses that have not been shared could be fair," she said.
"Wealth screening, as least how we have seen it being done, is not fair either.
"Let me be clear. It’s not that the activity is against the law but failing to properly and clearly tell your donors that you’re going to do it."
But Denham said she appreciated the value of fundraisers’ work due to her own experiences in the Canadian charity sector as a trustee of Pacific Opera Victoria and the YWCA.
She acknowledged that it was a "tough time to be a fundraiser" and there was a lot of confusion and frustration around the law when handling data, but following the law should not stop fundraisers from doing their jobs.
"It simply obliges you to do it in such a way that respects the fundamental privacy rights of each and every one of your donors, your supporters and your volunteers," she said.
She said the ICO was not "the Department of No": it would play a role in offering guidance to the sector and had made its information for charities easier to find on its website. But Denham said it was not the ICO’s job to tell charities how to "get around" data-protection rules.