The Charity First Series

Data Protection for Fundraisers

Lawrence Simanowitz and Mairéad O'Reilly
The Charity First series aims to provide practical and straightforward guidance on the challenges confronting charity operations today, with fundraising in the spotlight. Its individual subjects range from those concentrating on the UK and Ireland to non-profit issues in the EU and other jurisdictions, from traditional to digital fundraising and from basic help for those just entering the third sector to specialist areas for the more experienced.

For further information and orders see www.charityfirstseries.org

This sample consists of brief extracts from one title in the series.
The publication from which this material is taken was first published electronically in 2012 by Social Partnership Marketing LLP, 38 Leconfield Road, London N5 2SN

Bates Wells & Braithwaite LLP, London, 2012

Please note that you have bought copyright material. You have the right to save one electronic copy for yourself, to print out one copy, and to show the material if required to colleagues. However, you cannot republish the material beyond that. If you wish to do so, contact the publisher for permission.

Full version: ISBN 978-1-908595-13-3

Limit of Liability/Disclaimer. While the publisher and author have used their best efforts in preparing this publication, they make no representations or warranties in respect of the accuracy or completeness of the contents of this publication. If legal advice or other expert assistance is required, the services of a competent professional should be sought.
CONTENTS

Preface

Introduction

1 Overview of Legal Background
What does the Data Protection Act (DPA) do? ~ Who is responsible for enforcing the DPA? ~ What is personal data? ~ What is sensitive personal data? ~ What comes within the definition of processing? ~ What is a data controller? ~ What is a data processor? ~ What are the Data Protection Principles? ~ What does the DPA say about direct marketing? ~ The Privacy and Electronic Communications (EC Directive) Regulations 2003

2 Fair Processing
The First and Second Data Protection Principles ~ What are legitimate interests? ~ Consent and personal data ~ Consent and sensitive personal data

3 Fundraising by Post and Telephone
Sending fundraising materials by post ~ Making fundraising telesales calls

4 Email and SMS Fundraising
Summary of the rules on sending fundraising emails and text messages to individuals

5 Transferring Personal Data to Suppliers and Other Third Parties (including sending data outside Europe)
The key checks that organisations should carry out when sharing personal data of supporters with third parties

6 Data Collection Statements
The use for which individuals' data is sought ~ The use of email addresses for marketing information ~ Supplying data to other organisations ~ Means of stopping marketing communications ~ What to record ~ Sensitive personal data

7 What Happens if you Breach the DPA or the 2003 Regulations?
Overview ~ Fundraising Standards Board (FRSB)

8 Common Fundraising Questions
How to unlock supporters from historical records ~ Is profiling/major donor fundraising compliant with the DPA? ~ What issues are raised by website cookies?

9 Links to Further Information
PREFACE

The authors of this guide are solicitors at Bates Wells & Braithwaite, one of the leading specialist charity law firms in the UK. This book draws on the authors' experience of advising charity clients on the Data Protection Act 1998 since its implementation in 2000. In that time we have seen the attitude of charities towards data protection change markedly. Ten years ago data protection was an afterthought for most charities. Today it is, by necessity, often a key issue in the formation of policy and strategy.

As fundraisers become more creative and resourceful in the ways that they engage with supporters and donors, it becomes an ever more complex challenge to balance the wishes of fundraisers with legal requirements to protect supporters' personal information and contact them appropriately. Fundraisers know that as well as avoiding breaching data protection law, any effective fundraising campaign must not undermine the goodwill attached to a charity's brand.

Fundraisers often complain that the law surrounding data collection notices, sharing supporter data, opt-ins and opt-outs is confusing and it is certainly the authors' experience that this is an area of law that is widely misunderstood. The aim of this book is to de-mystify the subject, giving a simple introduction to the basics as well as practical advice on issues that commonly arise.

We wish you successful (and compliant) fundraising!

Acknowledgement

Particular thanks are given to Mairéad O'Reilly who has written much the greater share of this guide.
INTRODUCTION

Having a sound understanding of data protection law is invaluable to those involved in fundraising for charities and other not-for-profit organisations. This guide offers advice on practical ways of complying with the legal requirements, but also takes into account the objective of many fundraisers to encourage potential supporters to provide information about themselves.

The authors have concentrated on the modes of charity fundraising where data protection issues most commonly arise, namely:

1. Postal marketing or junk mail (as it is sometimes pejoratively known);
2. Telemarketing; and
3. Email and SMS marketing.

The contents of this book are, to the authors' knowledge, up to date at the time of publication. In coming years the data protection landscape is likely to change with the introduction of the European Commission's proposed Data Protection Regulation.

Readers should be aware that this publication constitutes general guidance only and that advice should be taken on specific issues.
1 OVERVIEW OF LEGAL BACKGROUND

This chapter introduces the two key pieces of English legislation that fundraisers should be aware of in this area: the Data Protection Act 1998 ('the DPA') which sets out key data protection definitions and principles; and the Privacy and Electronic Communications (EC Directive) Regulations 2003 ('the 2003 Regulations') which impose additional restrictions on marketing by electronic means.

What does the DPA do?

At the heart of the DPA is the challenge of balancing an individual's right to privacy against an organisation's legitimate use of that individual's personal information. The DPA gives protection to the individual against misuse of his or her personal information. It also enshrines rights such as the right to:

- be given a copy of most information that relates to him/her (known as the right of subject access);
- require that inaccurate or misleading information is corrected;
- prevent processing for marketing purposes or which causes substantial damage or distress; and
- seek compensation if personal information is being or has been misused.

The DPA imposes obligations on those who hold individuals' information such as charities and other not-for-profits (but not on individuals using it for private domestic purposes). The legislation covers only personal data which is discussed later in this chapter.

Who is responsible for enforcing the DPA?

The DPA and the 2003 Regulations are enforced by the Information Commissioner's Office ('the ICO'). The ICO is an independent regulatory authority, reporting directly to Parliament.

What is personal data?

Personal data is data that relates to a living individual who can be identified from that data or from the data and any other information which is in (or is likely to come into) the possession of the data controller. This includes a person's name, address and in some cases simply their email address.

The ICO has produced guidance following a Court of Appeal case in which the court interpreted personal data narrowly. It held that personal data does not include a passing reference to or a mere mention of an individual where that information is not biographical. As an example of this, if an individual is copied into an email, even though their name and email address may be visible to all readers that may not tell you anything about the individual. Where that is the case, the information is not biographical and so would not be regarded as personal data. It would therefore fall outside of the scope of data protection law and would not be subject to the rules and rights discussed in this book.

In the Durant case the court also held that most data which is held physically (i.e. not on a computer), for instance handwritten notes about a prospective major donor, does not fall within the definition of personal

Text of full version continues /...
About the Authors

Lawrence Simanowitz is a partner in the charities team at Bates Wells & Braithwaite LLP London. He is particularly noted for his expertise in IP and information law including freedom of information, data protection, privacy and confidentiality. He is on the board of the Fundraising Standards Board, and is the legal author of Data Protection for Voluntary Organisations.

Mairéad O'Reilly is an associate at Bates Wells & Braithwaite LLP London. She specialises in advising charities and not-for-profits on fundraising, e-commerce and data protection. Mairéad has lectured widely on data protection in the context of fundraising, e-marketing, subject access requests, data security and data sharing.

Bates Wells & Braithwaite London LLP (BWB) is one of the leading charity and social enterprise law firms in the UK. It has a large team of specialists advising not-for-profits, public authorities, regulatory bodies and commercial and social enterprises on all aspects of data protection and freedom of information law. (www.bwbllp.com)

Booklet and identity design by fivefourandahalf.
The Charity First Series

For the full list of titles in the Charity First Series, including titles in preparation, see our publications list. Titles already published include:

Fundraising for Small Charities
Major Gift Fundraising
Prospect Research
Legacy Fundraising from Scratch
Raising Funds from Grant Makers
Structuring Not-for-Profit Operations in the UK

Also published by Social Partnership Marketing

Invisible Grantmakers - an annual listing of unpublished grantmaking trusts. See www.socialpartnershipmarketing.co.uk for further details.

Full version ISBN: 978-1-908595-13-3