The warning of the Information Commissioner’s Office (ICO) that charities risked becoming a dirty word has gained substance after the ICO found that the RSPCA and the British Heart Foundation were paying investigators to snoop on donors to discover the extent of their wealth and assess how much might come to the charities in the donor’s wills. The two charities were also found to be sharing donor’s data with other organisations, putting them at risk of fraud.
For these breaches of the data protection laws the RSPCA has been fined £25,000 and the British Heart Foundation £18,000, amounts the ICO said were just a small fraction of the £250,000 each charity could have been fined. It said that the small fines were “for the sake of the donors”.
There is a view that the penalties could “open the floodgates” for thousands of donors to sue the RSPCA and British Heart Foundation for misuse of their private information, a process they were not made aware of., nor one they could object to or contest.
The ICO is currently investigating other charities to detect breaches of data law.