Marketing & communications, Direct and digital marketing

A £100,000 fine... is your charity at risk too?

Ensuring adequate protection of your donors' personal data.

Did you know a charity was recently fined £100,000 after they were cyber-attacked? And if your charity holds any donor data it potentially faces a similar risk.

So what’s the story behind the fine? And more importantly, how can you stop it happening in your organisation?

Who was fined £100,000?

The British and Foreign Bible Society was fined £100,000 on 31 May 2018 by the Information Commissioner’s Office (ICO).

What is the ICO?

The ICO is an independent body which oversees data privacy for individuals. It can take legal action against organisations that collect, use and keep personal information.

Why was the fine issued?

The fine was issued because the ICO found that the Bible Society failed to adequately protect their donors’ personal data – as a result the cyber-attack exposed donors to possible financial and identify fraud.

How can a fine be justified when the Bible Society was cyber-attacked?

Despite the fact that the Bible Society was the victim of a criminal act (hacking) the ICO found that it failed to take appropriate technical and organisational steps to protect its supporters’ personal data.

The Head of Enforcement at the ICO, Steve Eckersley, said:

“Cyber-attacks will happen, that’s just a fact, and we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders.”

Was this fine under the current Data Protection Act 2018?

No, and that’s the scariest part for charities. This fine was issued under the Data Protection Act 1998 (due to the date of the incident) when the maximum applicable penalty was £500,000. Now (under the Data Protection Act 2018) the maximum penalty is 4% of global turnover or up to £17million.

How can charities ensure their data protection measures are adequate?

In these times of stringent data protection, charities must ensure their digital security measures are adequate.

To help your charity stay up to speed in the ever-changing digital landscape, we’re running the Charity Digital Conference.

You’ll hear from – and can put questions to – charity digital leaders and funders. You’ll learn tips to help shore up your charity’s digital landscape. And you’ll leave with insights that will prepare you for the digital future.

It’s not too late to sign up for this conference happening on Friday 29th June! Book sessions here now.

You can access the full conference schedule here. Sessions include:

  • Dealing with data: beyond GDPR
  • How charities can deliver digital products and services
  • Charity digital transformation tools and techniques
  • Digital marketing tips and tricks
  • Funding charity digital