The media was overflowing with examples of poor fundraising practice in 2015, highlighting public concerns about how charities use and share donors’ personal data.
Against this backdrop and the new fundraising regulator, an NCVO Working Group has issued recommendations, underpinning which are donor consent to receiving fundraising communications and greater transparency around the use of donor data.
Consent to receiving fundraising communications purposes must be freely given, specific, informed and unambiguous
Fundraising communications are subject to the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR).
Email, SMS and fax communications must only be sent with the prior consent of recipients; telephone calls can be made to recipients who have not opted out or who are not Telephone Preference Service (TPS) registered; and postal communications can be sent to recipients who have not opted out.
Consent to receiving fundraising communications for DPA and PECR purposes must be freely given, specific, informed and unambiguous.
This requires a positive action from the recipient, such as completing a form or ticking a box. Consent must not be forced and recipients must be allowed to opt out.
The DPA also requires charities to act fairly at the point of first contact by telling donors how their personal data will be used, who it will be shared with and what they will use it for.
The working group’s recommendations go beyond these requirements by adopting a consent-based approach to all fundraising communications, irrespective of the medium.
Key recommendations include:
- consent does not last indefinitely and is valid for the donation duration but if donors cancel donations, then consent lapses 24 months thereafter
- consent should be refreshed regularly to ensure donors continue to wish receiving communications
- if donors provide contact details, this does not imply that donors consent to communications – separate consent is required
- pre-ticked boxes should not be used to obtain consent
- where donor data originates from a third party, communications should only be sent where the sender is either identified by name or charitable cause in the consent statement and telephone contact only made after TPS cross-checking
- consent audit trails, such as signed forms or telephone notes, should be retained
- data protection statements provided orally should be followed up in writing
- opt out means should be clear and opt out requests respected.
For existing donor databases, the working group suggests that charities undertake a refresh exercise by including appropriate consent wording in written, SMS and e-mail communications or providing it via telephone call (cross-checking against the TPS first).
If donors opt out or charities do not receive positive responses within six months, then fundraising communications to such donors should cease.
The working group will now submit its report to the fundraising regulator for possible incorporation into its Code of Fundraising Practice.
In the meantime, charities should complete a health check of their fundraising processes and refresh donor databases in line with the recommendations. This ensures compliance with legal requirements, the proliferation of best fundraising practice across the sector and helps put charities in good stead for the new DPA coming in May 2018.
Daradjeet Jagpal ([email protected]) is director of Information Law Solutions, a consultancy providing advice and training in data protection, access to information and direct marketing laws (www.infolawsolutions.co.uk).