Thursday 13th March 2014
This week, the Charity Commission has published an operational compliance report into the Family and Childcare Trust, on an investigation that was instigated by an MP who felt that the charity was partaking in party political campaigning on twitter, and the ICO has issued a hefty fine against the British Pregnancy Advisory Service as a result of a hacker obtaining personal information stored on its website.
The Commission opened its investigation into the Family and Childcare Trust following a complaint by an MP that the charity was involved in party political campaigning because it used two hashtags in tweets that were also being used by the Labour Party. (For those unfamiliar with twitter, a “hashtag” before a group of words enables all those using the hashtag and words to follow the conversation – so if an individual or group uses the phrase “#lobbyingbill” in a tweet, anyone who wanted to comment on that and see what others were saying could use #lobbyingbill in their tweet, or search for #lobbyingbill to see what others were saying).
The Commission contacted the charity regarding the charity’s general practices when deciding what campaign action to undertake, and specifically what had motivated the hashtags that had caused the complaint. The charity explained that the organisation’s purposes were the driver for any campaigning, and the response satisfied the Commission that due regard was had to the public perception of any proposed actions. As regards the particular hashtags, the charity had wanted to follow the conversation because it was relevant to their purposes, but also wanted to ensure that their tweets reached a wide audience. The Commission were satisfied with this response, and concluded that the charity had acted within their guidance and no action was taken.
This has been hailed in the charity press as yet another means by which MPs are attacking charities for “campaigning” which is perfectly within their powers, and is fuelling concerns regarding the way that the Lobbying Act might be used to try and silence charities on speaking out on issues which are relevant to them, but which also happen to be part of party political campaigning before an election. As long as the Electoral Commission has a sound understanding of what is acceptable campaigning by charities, the only action that can realistically be taken is a request for a charity to register if it is carrying out activities that look as if they are seeking to influence the outcome of an election, and where spending on those activities exceeds the relevant limits. As long as charities that do campaign keep a record of expenditure and a critical eye on the political landscape around the time of the next election, they will be aware of when they might need to register, and should be able to rebut any allegations that are made against them.
If you are interested, the full text of the report can be found here.
Another regulator taking on the sector this week, is the Information Commissioner’s Office (ICO) – the body responsible for regulating breaches of the Data Protection Act. The ICO has the power to issue a fine (a monetary penalty notice) in cases where there has been a breach of the Data Protection Act, and such action is appropriate in the circumstances of the breach. The latest fine was issued to the British Pregnancy Advisory Service, in the sum of £200,000 for breaches of the Data Protection Act which allowed a hacker to obtain names, addresses, dates of birth and telephone numbers of individuals who had filled out a website enquiry form requesting a call back from the charity.<
The hacker was an anti-abortion campaigner, and had intended to publish the details obtained, but was prevented from doing so by the police. Although no information was stored regarding the purpose of the enquiry, by the nature of the charity’s advice service it would have been a personal issue, and any link to abortion or contraceptive advice could have resulted in serious harm and even death for some individuals on the list.
The ICO monetary penalty notice explains that such a large fine was imposed because it was clear from investigations that the charity was unaware that the data was stored on the website, and so no tests were made to check for resilience against such an attack. The charity had used two different IT providers, and had not had an agreement which was compliant with the requirements of the Data Protection Act with either, and had clearly not understood fully the system that had initially been put in place. I have a fair amount of sympathy for the charity in this case, as “IT-speak” can be notoriously confusing and difficult to get to grips with, but I also think that the ICO is right to highlight the fact that the charity ought to have understood properly where it was storing this personal information, given the potential harm if it was released. The case serves a reminder to all organisations (not just charities) to ensure that they carry out a regular risk assessment, and as part of that, look at what personal information is held, where it is held, and what security measures are in place. Here at Stone King, the Information Management team can assist with this, and give advice on how to test the security of your website. See the team page for more information. And for more detail on the facts of this particular case, please see the full monetary penalty notice.
In other news this week, HMRC has updated its guidance on the Gift Aid Small Donations Scheme, in relation to time limits for new merged entities taking over the claims of the old entities. The amendments can be found in paragraphs 8.25-8.27 of the “Charities Detailed Guidance Note” guidance, and basically state that predecessor claims must be taken over by the earliest of the following dates: 90 days from the date that the new body takes over the activities of the old body/bodies, or 60 days before the date of the new bodies first gift aid claim.
The Co-operative and Community Benefit Societies Bill also continues it passage through parliament, with the next stage (the Third Reading), scheduled for Tuesday 11 March, where any final amendments will be considered.
For further information or advice please contact
Image
Image
Image
Image
Image
