ICO investigates illegal data sharing in charity sector
'Everyone's got to stick to the law, and if the law's been broken then we will act' warns Information Commissioner Christopher Graham
The Information Commissioner's Office (ICO) is investigating data sharing in the charity sector following concerns that organisations might be selling contact data about donors.
A report by the Daily Mail claims that the contact details of an elderly dementia sufferer were passed on 200 times, leading to the vulnerable man being contacted hundreds of times by charities after he forgot to tick a "don't share my details" box. As a result, the personal details of 87-year-old widower Samuel Rae also fell into the hands of 12 scam firms, which led to him losing £35,000 after being bombarded with calls.
Information Commissioner Christopher Graham said data sharing in the charity sector is "clearly concerning" and wrote that the ICO has "launched an investigation to work out exactly what has happened".
The watchdog states that it's ready to take action if the law has been broken, which could see charities issued with a fine of up to £500,000 or face prosecution under the Data Protection Act in the magistrates court.
"The Data Protection Act is very clear: the very first principle is that your data should only be processed fairly and lawfully. What has been described in the papers this week doesn't look like that," said Graham.
"If Samuel Rae is still being plagued with unwanted mail and unwanted approaches, then it is really beside the point whether or not he ticked a box in 1994," he continued, adding that not ticking such a box does not constitute consent and '"that doesn't give you the right to trade in people's personal information years after the event".
Graham said cases like this mean there's a danger of charity becoming "a dirty word" which he said "clearly isn't fair", but he added that the Data Protection Act applies to every organisation, no matter what sector they are in.
"The rules on data protection and the rules about privacy and electronic communications apply to all who are processing data, whether businesses or charities. Everyone's got to stick to the law, and if the law's been broken then we will act," he said.