UK charities fined for data breaches
This week, the UK Information Commissioner’s Office (ICO) fined 11 charities for breaching the data protection act by misusing the personal information of past donors in order for them to seek further funding.
The ICO said that the offenses included secretly piecing together data form several sources as well as trading personal information to target new and lapsed donors. The ICO said that all charities must adhere to the law and that the action follows penalties that were issued to at least two charities back in December 2016.
The Information Commissioner, Elizabeth Denham said: “People will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations”
The charities fined were:
- The International Fund for Animal Welfare- £18,000
- Cancer Support UK (formerly Cancer Recovery Foundation UK)- £16,000
- Cancer Research UK- £16,000
- The Guide Dogs for the Blind Association – £15,000
- Macmillan Cancer Support- £14,000
- The Royal British Legion- £12,000
- The National Society for the Prevention of Cruelty to Children- £12,000
- Great Ormond Street Hospital Children’s Charity- £11,000
- WWF-UK- £9,000
- Battersea Dogs’ and Cats’ Home- £9,000
- Oxfam- £6,000
The Charity Commission for England and Wales said it was now investigating whether follow-on action would be taken against individual trustees.
It’s not just Charities
Although this article is highlighting the misuse of personal information from charities, it’s not just them. All businesses can be affected through the mismanagement and handing of personal information, especially when the new GDPR comes into play in May 2018.
All businesses need to ensure that they are going the upmost to ensure they handle information safely and securely and ensure that the information they hold is interacted with appropriately.
What do you need to know?
Companies, need to know what they can and can’t do with the handing of information, this will become even more prevalent when the GDPR, which is essentially the new UK data protection act, comes into force in May 2018. Businesses will be fined more heavily and they will be expected to know what they are doing.
It is recommended that if your business is unsure of how to handle personal information, then you should look at completing the Cyber Essentials Scheme and IASME governance. This certification will help your business ensure you’re doing the best with regards to handing data and that your processes are in place.
For more information about Cyber Essentials and IASME governance, check our site at: https://terabyteit.co.uk/cyber-essentials
Act now, review your policies and procedures and make sure you are not the next business to be fined.