Charities fined £138,000 by ICO for abusing data protection laws to target wealthy donors

Cancer Research UK ranked potential donors based on their wealth

Eleven charities have been fined a total of £138,000 for breaking data privacy rules, building databases of personal data to mine to find the wealthiest potential donors and even sharing that data among themselves.

An investigation by the ICO between 2015 and 2017 that found that some of the countries' biggest charities were flouting data protection and privacy rules in their fund-raising activities.

In some cases, the charities were accused of using private information to target elderly and vulnerable people for donations, often based on information that wasn't freely given by their prospective donors.

Some also used wealth-screening companies to better identify wealthy, especially elderly, potential donors and to target them for donations, especially for bequests in their wills.

And many of the charities shared this information among themselves, meaning that some names in their databases were repeatedly targeted by different charities.

Some of the UK's best-known charities were fined for such activities, including Battersea Dogs' and Cats' Home; Cancer Research UK, and Great Ormond Street Hospital Children's Charity.

Battersea Dogs' and Cats' Home was fined £9,000 for finding information about potential donors that they did not provide in order to target them for donations. Between 2011 and 2015, Battersea Dogs' and Cats' Home used this approach to try to find out information more than 740,000 times.

Cancer Research UK was fined £16,000 for ranking potential donors based on their wealth, screening 3.5 million supporters in this way between 2010 and 2016, making more than 675,000 phone calls to solicit donations based on this data.

And Great Ormond Street Hospital Children's Charity built a database of potential donors based on information they did not provide, sent 795,000 records every month to a wealth screening company and routinely shared personal data with other charities. For this, it was fined the sum total of £11,000.

The other charities were fined as follows:

• The International Fund for Animal Welfare, fined £18,000;
• Cancer Support UK, £16,000;
• Guide Dogs for the Blind, £15,000;
• Macmillan Cancer Support, £14,000;
• The Royal British Legion, £12,000;
• National Society for the Prevention of Cruelty to Children, £12,000;
• Oxfam, fined £6,000; and,
• WWF-UK, £9,000.

It follows on from big fines levied against the RSPCA and British Heart Foundation in December last year as a result of the same investigation.

The charities have arguably been let off lightly: any company would not have fines of less than £20,000 levied for these kinds of transgressions.

The ICO could have fined them as much as £400,000 - and no staff appear to have been disciplined either.

Under the EU General Data Protection Regulation coming in next May, the ICO could fine organisations as much as four per cent of their turnover for such trangressions - a sum that could amount to many millions of pounds for Britain's biggest charities.