ICO Pressures Charities To Open Doors For Data Protection ‘Check Ups’

Thomas Brewster,

The ICO doesn’t want to fine charities, so is encouraging them to take advantage of free help

The Information Commissioner’s Office (ICO) today urged charities to open up for data protection checks, saying they would benefit more than other organisations due to the sensitive nature of data many third sector bodies hold.

Very few third sector organisations have been audited by the ICO, according to the watchdog’s list of recent audits, but a bigger number have taken advantage of free advisory visits.

Organisations are not obliged to open doors for audits or advisory visits, they have to put themselves forward.

The most vulnerable sector

An ICO spokesperson told TechWeekEurope that the third sector was “potentially the most vulnerable”, largely because of lack of expertise and funding for data protection, hence why the body put out today’s notice.

“We certainly don’t want to be in the position to have to impose a penalty on a charity,” the spokesperson said. “We hope the release gets them thinking about the areas that they aren’t very strong on.

Charities do not get any special treatment from the ICO and can be fined up to £500,000 for serious breaches of the Data Protection Act.

“Trustees are responsible for ensuring their charity complies with relevant legislation – including the Data Protection Act – and for protecting their charity’s reputation,” said Sam Younger, chief executive of the Charity Commission.

“Mishandling sensitive data not only causes individuals serious distress, it can also damage the good name of your charity. So I encourage trustees of charities that handle sensitive data to take note of the ICO’s guidance and consider taking part in an ICO advisory visit.”

The ICO offered a number of security tips for third sector organisations, such as enforcing strong password use and encrypting portable devices.

No charities have been fined by the ICO to date, but a number have been given warnings. In March, after two unencrypted memory sticks and papers containing the personal details of up to 101 individuals were stolen from an employee’s home, Enable Scotland was forced to sign an undertaking promising to improve practices.

Earlier this week, Torbay Care Trust in Torquay was fined £175,000 by the ICO for accidentally publishing details relating to over 1000 members of staff on its website.

Are you a security guru? Test yourself with our quiz!