1: What next for charities and fundraising?
It has been a “summer horribilis” for fundraising charities, with a constant barrage of high profile, negative revelations about the tactics used by some fundraisers. With the recent announcement that the Government accepts the recommendations from Sir Stuart Etherington’s review, we can expect changes in the fundraising landscape in the future. But will those changes fix the underlying problems or will the Government feel it has to step in?
Charities are not exempt from the law
In a sense, the issues laid bare in the press coverage over the summer were probably problems waiting to happen. The Information Commissioner’s evidence to the Parliamentary inquiry instituted by the Public Administration and Constitutional Affairs Committee noted that the Information Commissioner’s Office (ICO) had, in earlier guidance, made a concession that it would not enforce against charities which contacted regular supporters on the Telephone Preference Service (TPS) unless it received complaints. Unfortunately, the ICO’s pragmatic approach seems to have been interpreted by some as meaning that charity fundraisers had a special exemption from the law. This was compounded when the view seemed not to be challenged by fundraising regulators, which, the evidence noted, had failed to amend their guidance when the ICO removed the concession in 2013.
The Information Commissioner’s evidence notes other failings, with some charities under investigation not having reliable records to identify whether donors had consented to receive marketing. There were also problems with retention policies, the wording of privacy policies and opt-in/opt-out wording.
In taking its earlier approach, the ICO had assumed a “level of trust”. The reaction from some in the sector has instead damaged the public’s trust in charities generally.
Rebuilding trust – a non-statutory fundraising regulator backed up by statute
The intense scrutiny over the summer continues into the autumn with the Parliamentary inquiry and the ICO’s investigation, as well as an investigation by the Fundraising Standards Board (FRSB), ongoing. In the meantime, we are likely to see pressure from the Government on sector leaders to start building the “new regulatory structure” promised by Civil Society Minister Rob Wilson.
If implemented, that structure is likely to see the FRSB replaced by a new body, the Fundraising Regulator, which would take over responsibility for a strengthened Code of Fundraising Practice and would be the conduit for complaints about fundraising from the public. The Code has recently been updated with changes including banning charities from selling an individual’s data to third parties and requiring clearer opt-in and opt-out statements on printed communications. However, we should expect a new regulatory body taking over the Code to review it further to see that it is “fit for purpose”.
The Government and the sector have been clear that they do not favour introducing a statutory regulator. The new regulator would therefore form part of a hybrid regime, being itself a “self”-regulator, but backed up by statutory regulators in the form of the ICO (for alleged data protection breaches) and the Charity Commission. The Institute of Fundraising (IoF) and newly renamed Public Fundraising Association (PFRA) would remain as membership bodies and either merge or work in a closer strategic alliance.
There is also the possibility of a new “Fundraising Preference Service”, although it is not clear at present how that service would operate (e.g. if someone registers after a charity has instituted a major campaign) and how it would inter-relate with the existing Telephone Preference Service.
Notwithstanding the backing of the statutory regulators, the new regulator would face some challenges. Without statutory backing, or central funding, its regime will essentially be voluntary and hence based on trust. At present, it is unclear how the regulator would enforce payment of the proposed levy on fundraising charities, upon which it would depend for its financing, or how it would enforce its proposed powers of sanction, such as a power of “cease and desist” orders over certain fundraising activities.
However, the recent Ministerial statement said that the Government “will have new powers to intervene and regulate fundraising” if large charities fail to take appropriate steps to safeguard their supporters. We should expect amendments to the Government’s reserve power to make fundraising regulations in the Charities Act 1992 to act as a “Damocles sword” over the sector, should it fail to satisfy Ministers that it has instigated sufficient reform.
Steps for charities to take now – know your data protection policy
The publicity in recent months has focused on fundraising, but the problems reported have tended to arise from data protection failings. Charities are not exempt from data protection law and, as has been seen, breaches in this area can result in damage to reputations as well as hefty fines. It may be that the impact will become more direct for charity trustees, with the Information Commissioner suggesting on the BBC’s Today programme last month that the Government may want to consider making directors personally liable for data protection breaches.
In rebuilding trust with the public and supporters, charities would do well now to audit their data protection practices and see what steps may be needed to adjust how they communicate with donors and supporters. Considering the following areas may help:
- What data does the charity hold and use?
- Is it sensitive?
- For what purposes can the data be used – do you know what consents you have in place?
- Who has access to the data?
- Where is the data stored?
- How long is the data stored for?
- Does the information also contain data about third parties?
- What is the charity’s approach to personal data requests?
- What training on data is given to staff and volunteers?
Answering these questions can help to identify, on a “traffic light” system, which areas need addressing and how that might be done within the charity’s resources.
Charities should have a data protection policy which flows through all their activities, including the activities of the fundraising teams, as well as to any external agencies. As the Information Commissioner has noted, charities should not treat fundraising as a separate activity from data protection – they also need to consider the wider data protection obligations and be sure to treat people “fairly and in line with expectations”.
19 October 2015