Data Protection Guidelines for Charity and Voluntary Sector
by Robert Haniver
Following its audit of a number of charitable organisations, the Office of the Data Protection Commissioner has published guidelines to assist charities’ compliance with their obligations under the Data Protection Acts 1988 & 2003 (‘the Acts’).
When engaging in fundraising activities, charitable organisations may collect donors’ personal information such as their name, contact and bank details. By collecting and retaining such information, a charitable organisation is considered a ‘Data Controller’ under the Acts and is therefore responsible for ensuring its compliance with the data protection legislation.
The ‘Data Protection in the Charity & Voluntary Sector Guidelines’ provide recommendations for the transparent and fair collection, use, retention, security and disclosure of donors’ personal information. These guidelines can be downloaded from http://dataprotection.ie/viewdoc.asp?m=f&fn=/documents/guidance/Charity_Guidance.pdf
Charitable organisations that fundraise from the public are encouraged to sign up to and comply with the ‘Statement of Guiding Principles for Fundraising’ (produced by Irish Charities Tax Research (ICTR) and available at www.ictr.ie). The Guiding Principles contain a number of references to the Acts and stress the importance of respecting donor privacy, honest communication, data security and marketing preferences.
ICTR, in conjunction with the Department of Community, Equality and Gaeltacht Affairs, has launched a series of good practice fact sheets (available at http://www.ictr.ie/content/good-practice-factsheets) to assist in implementing the Guiding Principles. The published fact sheets include a Data Protection Good Practice Note and a Data Protection Checklist for the Irish charity sector.