Information Matters: Direct marketing in the charities sector – raising the bar on charities' fundraising

Posted by: Henry Sainty and Alan Baker | Date posted : 30/09/2015

Some of the direct marketing methods that some charities are using to fundraise – brought to public attention by the lamentable cases of elderly, vulnerable people like Olive Cooke and Samuel Rae – have caused concern for regulators, parliament and indeed other charities.  With growing concerns about legal compliance and the risk of serious damage to the reputation of the charities sector as a whole, the ICO has pledged to investigate donor data sharing in the charities sector and Sir Stuart Etherington has responded to a parliamentary request to lead a review of fundraising self-regulation; that review is now published.

Olive Cooke, Samuel Rae and press publicity

92-year-old Olive Cooke took her own life earlier this year – she had suffered from depression and insomnia, which certain quarters of the press have linked to the pressure of receiving so many pleading communications (read: direct marketing) from charities (although this was not mentioned at the inquest into her death).  The Daily Mail reported that she received up to 267 such letters in just one month.  Mrs Cooke fell victim to en masse donor data sharing arrangements between charities (and third party 'brokers' of marketing lists), which often involved charities purchasing lists of contact details (including Mrs Cooke's) without the consent of the individuals on those lists.

The sometimes alarming scale of marketing lists being traded by charities and list brokers was brought to public attention by the son and carer of 87-year-old Samuel Rae.  Having failed to tick a box on a survey he completed in 1994, Mr Rae's personal details were sold or passed on up to 200 times.  As a result, Mr Rae had been contacted by charities some 730 times asking for donations.  Eventually, Mr Rae's details ended up in the hands of criminals who conned Mr Rae – a dementia sufferer – out of £35,000.

Granted, the cases of Mrs Cooke and Mr Rae are arguably examples of the rather 'prone-to-dramatisation' reporting style of the tabloid press, appealing to the public's collective emotions, but to the extent that they reflect the facts – including the flagrant misuse of personal data by some charities and the third party 'brokers' of marketing lists – these news stories serve as a poignant reminder that all organisations (regardless of their benevolent purposes) must take data protection compliance seriously.

What may not be immediately apparent is that both Mrs Cooke and Mr Rae probably did, at some stage, give their 'consent' (on one interpretation) to their personal details being passed on to third parties – although it may not have been clear what they were consenting to, in terms of who would then obtain their contact details and indeed what purpose they would use them for.  These cases illustrate the importance of the legal requirements to obtain freely given, specific and informed consent; so that one small act (ticking an 'opt-in' consent box, or perhaps leaving an 'opt-out' consent box unticked – which is clearly more confusing) does not lead to a miserable bombardment of unsolicited direct marketing.

Particularly when buying-in marketing lists, charities should exercise great care and undertake active due diligence to understand what consents have been obtained from the individuals whose details feature on those lists (and how that consent was obtained).  Moreover, charities should be ready to reject lists which fall short of the law's requirements.

ICO response and Institute of Fundraising action

In response to negative publicity (including Mrs Cooke's and Mr Rae's sad stories) and widespread complaints regarding cold-calling, often in spite of the call recipients having registered with the Telephone Preference Service (TPS), the ICO has decided to investigate donor data sharing in the charities sector – with cold-calling identified as a particularly problematic area.

Under new rules requested by the ICO (applicable as of September 2015), the Institute of Fundraising has stated that fundraisers who call existing donors who are on the TPS or Corporate TPS, unless specifically notified that the individual is happy to receive calls, will be in breach of the Privacy and Electronic Communications Regulations 2003 and could be subject to monetary penalties. Under the new code, callers must check phone numbers against TPS lists before calling and no marketing calls may be made under the 'guise' of administrative calls (which do not come under the Regulations).

Parliamentary review and recommendations

Complementing the ICO's investigation and requests to update the Institute of Fundraising's rules on cold-calling, Sir Stuart Etherington and others have responded to the request from Rob Wilson MP, Minister for Civil Society, to carry out a review of fundraising self-regulation. Sir Stuart has commented to the press that the current regulator, the Fundraising Standards Board (FRSB) "doesn't have the clout or the sanctions" to prevent bad practice and that the current system, where the FRSB regulates charities according to standards set by those charities themselves, is "inappropriate". As such, the Etherington review recommends that the FRSB should be scrapped and replaced with a new body with wider powers (which the review proposes will be called the "Fundraising Regulator"), which would be funded by a levy on charities whose annual fundraising expenditure exceeds £100,000.

Some key proposals of the Etherington review are:

  • The Fundraising Regulator would have control over the fundraising code, would proactively investigate breaches and would have the power to impose sanctions such as banning charities from certain types of fundraising for a period if they break the rules.
  • 'Name and shame' lists, an annual report of complaints, 'cease and desist' orders and compulsory staff training would all be available to the Fundraising Regulator as potential sanctions in order to encourage compliance.  It is also proposed that charities told to stop using certain fundraising methods would need to submit future fundraising plans to the Fundraising Regulator before being allowed to recommence activities.
  • A new 'Fundraising Preference Service', overseen by the Fundraising Regulator, would act as a 'reset button' for donors in respect of all fundraising communications, completely preventing the receipt of unsolicited contact by charities and other fundraising organisations.

Legislative change

In the same vein as these recommendations is a proposed amendment to the Charities Act 2011.  The Charities (Protection and Social Investment) Bill, which is currently in its second House of Commons reading having passed through the House of Lords (and which is the separate subject of this briefing note by our colleague James Maloney), would require charities to draw up written agreements with agents and contractors, setting out how vulnerable people are to be protected from aggressive fundraising tactics and how compliance is to be monitored.  This includes unreasonable intrusions on privacy, unreasonably persistent approaches for money and placing undue pressure on a person to donate.

From a data protection perspective, we await a final text of the General Data Protection Regulation (GDPR), the latest draft of which would raise the threshold for (or, at least, redefine the meaning of) what constitutes valid consent to processing of personal data (including by charities).  The Institute of Fundraising expressed its concern over the original text proposed by the European Commission, which would have required explicit consent from an individual in order to send them direct marketing.  The revised draft of the GDPR, however, changes this to require "unambiguous" consent.  While that is probably (slightly) friendlier for the senders of direct marketing than an "explicit" consent requirement, it remains to be seen whether it survives in the final form of the GDPR and, indeed, how the rest of the GDPR may allow for direct marketing to be justified.  The recitals to the current draft of the GDPR state that "the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest", which seems clear – but again this could change before the final text is agreed (which is expected to happen by the end of this year).

Closing remarks – a balance of interests

Perhaps understandably, some charities have expressed their concerns that a regulatory shake-up in this area will unnecessarily undermine their efforts to raise funds which are ultimately used for good causes.  That concern, of course, must be balanced with the need to respect individuals' privacy rights and to process personal data for direct marketing purposes only in accordance with the law. Moreover, given the high profile (and wide reach) of these issues, charities must consider the potential damage to their reputations and loss of public trust if another case like Olive Cooke's or Samuel Rae's were to come to light.

Click here to read more posts from Information Matters.

If you require further information on anything covered in this briefing please contact Alan Baker (; 020 3375 7441), Henry Sainty (; 020 3375 7424) or your usual contact at the firm on 020 3375 7000. Further information can also be found on the Intellectual Property page on our website.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, September 2015