Eleven Major Charities Fined for Breaches of Data Protection


The Information Commissioner’s Office has fined eleven charities that breached the Data Protection Act by misusing donors’ personal data.

ICO investigations found many of the charities secretly screened millions of donors so they could target them for additional funds. Some charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources. And some traded personal details with other charities creating a large pool of donor data for sale.

The action follows penalties issued to two charities in December 2016.

The charities fined were:

The International Fund for Animal Welfare – £18,000

Cancer Support UK (formerly Cancer Recovery Foundation UK) – £16,000

Cancer Research UK – £16,000

The Guide Dogs for the Blind Association – £15,000

Macmillan Cancer Support – £14,000

The Royal British Legion – £12,000

The National Society for the Prevention of Cruelty to Children – £12,000

Great Ormond Street Hospital Children’s Charity – £11,000

WWF-UK – £9,000

Battersea Dogs’ and Cats’ Home – £9,000

Oxfam – £6,000

A summary of how each charity breached the law can be found here.


The Information Commissioner has exercised her discretion in significantly reducing the level of today’s fines, taking into account the risk of adding to any distress caused to donors by the charities’ actions. The same approach was taken to fines issued to the Royal Society for the Prevention of Cruelty to Animals (£25,000) and British Heart Foundation (£18,000) in December.

Information Commissioner Elizabeth Denham said:

“Millions of people will have been affected by these charities’ contravention of the law. They will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations.

“No charity wants to alienate their donors. And we acknowledge the role charities play in the fabric of British society. But charities must follow the law.”

The charities were investigated by the ICO as part of a wider operation sparked by reports in the media about repeated and significant pressure on supporters to contribute. There are no other outstanding investigations into charities as part of that operation.

Elizabeth Denham added:

“These fines draw a line under what has been a complex investigation into the way some charities have handled personal information. While we will continue to educate and support charities, we have been clear that what we now want, and expect, is for charities to follow the law.”

In February, the ICO, the Charity Commission and the Fundraising Regulator held a conference for charity trustees, aimed at informing, educating and providing clarity to the sector. The ICO website also has detailed guidance on the rules around data sharing and marketing.


Please enter your comment!
Please enter your name here