Data Protection (oh yes)
In May 2016, I posted a blog on Scottish charity accounts and trustees’ names. I wrote that the Scottish Charity Regulator (OSCR) had reported that individual charity accounts did not belong to OSCR and are covered by the Data Protection Act. Therefore when OSCR published charity accounts, the personal information had to be redacted. I was puzzled as the Charity Commission has been publishing the names of trustees for a number of years, and the new Charity Commission for Northern Ireland has a similar look to the beta version of the Charity Commission, and includes the names of trustees.
I raised this with the Institute of Fundraising (head office and in Scotland) as a concern, but am not aware of my concerns having been adequately followed up. I think that this should have made fundraisers and researchers stop and think about the Data Protection Act, and might have alerted us to a range of issues we should be addressing regarding data protection. The recent meeting organised by the Trusts and Statutory fundraisers group raised concerns about processing personal data (including the names of trustees).
I was not an expert on data protection (and I’m still not). I hope that if something (slightly disconcerting) like this crops up again, that we will investigate things thoroughly. I will be off to the Researchers in Fundraising meeting on data protection this week, and will probably make the Consultants meeting later on this month …
Meanwhile, OSCR is publishing charity accounts, which is great. However, OSCR Online & OSCR’s website are unavailable until 1pm today (6/9/17) due to essential maintenance.
Finbar Cullen, ResearchPlus
Advertisement