Data protection – can charities win back the public’s trust?
Data protection was high on the agenda at 2017’s Fundraising Regulatory Compliance Conference (#FRCC2017), with speakers highlighting challenging areas where there is still plenty of progress to be made to win back the public’s trust. The main themes are nicely summed up by these quotes:
“Data protection is something for the trustees in the boardroom, not just the fundraising team.”
“People feel they have lost control of their data, and it is time for them to take back control.”
The first point reinforces the fact that data protection is about more than fundraising – it is about risk and governance. There are two main risks: foremost in trustees’ minds will be a concern about breaching the Data Protection Act. But the Act is not black and white, and trustees need to assess the risk of receiving complaints about how data has been processed.
Trustees, chief executives and senior management teams need to make decisions about how they balance the rights and responsibilities of prospects, donors and beneficiaries, and be able to justify the decisions they make. We were told from the platform that meeting donors’ and beneficiaries’ needs was the same thing – but it isn’t. Fundraisers’ jobs are challenged by the fact that not all causes are as popular as others. Balancing these rights and responsibilities is a challenge for charity trustees.
Tuesday’s conference went some way to helping trustees make these decisions, but more work needs to be done to help them avoid being risk-averse. Data innovation and privacy can be friends, according to the Information Commissioner, Elizabeth Denham. And if the ICO is called into a charity, it will first look at evidence of processes and systems for compliance, rather than focusing on the reported breach. However, fear of penalties may have unintended consequences, for beneficiaries in particular.
Paula Sussex, Chief Executive of the Charity Commission, picked up on the second quote and spoke of the Commission’s focus on maintaining public trust in charities. This has clearly dipped, and their mission to turn this around includes supporting trustees to govern their charities correctly. She feels that donors are more likely to give donations and have trust in a charity if they believe they are in control of their relationship with it. Trustees can help them take back control by making sure that they follow the Commission’s guide to trustee responsibilities over fundraising, known as CC20. This includes signing off the charity’s fundraising plan, supervising (without micro-managing) its fundraisers, and complying with the law and fundraising standards.
These assertions generated some heated responses during the break. While public trust in charities has dipped, overall donations to charity haven’t been hit in the same way. It begs the question about chasing the public trust metric: does it matter if people who are not interested in giving to charity have lower trust and confidence in how charities work? It is better for charities not to waste resources seeking funds from people who won’t give anyway. Charities do actually want people to have control over their data.
There is still more to be done to support trustees and charity leaders in making the right decisions. Some of this may result from case law. More still can grow from the dialogue between sector bodies and regulators that will stem from the event. The conference has also produced lots more to read, with guidelines on direct marketing and consent published online by the Fundraising Regulator, and promised guidelines from the ICO within the next few weeks on consent and privacy statements. The NCVO’s recent state of the nation report on charities in 2017 said it would remain a challenging environment for charities. They weren’t wrong.