The Information Commissioners Office (ICO) has announced it will investigate data sharing in the charity sector following reports that an 87 year old man, Samuel Rae who suffers from dementia, had his personal details sold by a charity. Mr Rae who is now cared for by his son, was conned out of £35,000 after being targeted by fraudsters who obtained Mr Rae's personal information from rogue firms.
The data entered the public domain after Mr Rae omitted to tick a box that he did not want his personal details shared in a survey he filled out in 1994. In the two decades since, Mr Rae has reportedly been contacted some 730 times by charities asking for donations despite attempts to stop the calls.
Information Commissioner Christopher Graham said: "The fact that Mr Rae didn't tick a box in 1994 is beside the point. The Data Protection Act is very clear - the first principle is that your data must be processed fairly and lawfully... There is no consent to sell his data years afterwards... We have got to get to the bottom of how this data was passed on." The Information Commissioner added that there was now a "danger of blackening a whole sector with charities becoming the new dirty word".
Mr Graham reiterated that the Information Commissioner's Office ("ICO") commitment and duty to issue civil monetary penalties of up to £500,000 where there have been serious breaches of the Data Protection Act. Confirming that if there has been criminal activity offenders will be prosecuted in the magistrates court.
The ICO's actions come as part of a wave of ongoing investigations into the regulation of the charity sector with an investigation led by Sir Stuart Etherington, sponsored by the Cabinet Office. A second investigation will be carried out by a parliamentary select committee looking into practices within the sector. Mr Graham added that "I think when all that work’s been done we’ll see if any changes to the law are necessary".