With new rules around data use, measures to clamp down on pushy charities, and confusion around what insurance feature protects what, they could be.
Charitable organisations which rely on the use of personal data, either that which has been obtained directly or acquired through a third party, are now under close watch on how they use it. Those who breach the new rules which came into play on Thursday 6th July, and which will be tightened further in May 2018 when the new General Data Protection Regulation (GDPR) comes into force, could face fines of up to £25,000.
GDPR comes with enhanced individual rights which must be complied with, which will make it harder for charities to obtain and use the data of potential fundraising targets, and easier for those “targets” to drop off the radar.
In addition to these new rules, the Fundraising Preference Service (FPS) allows people to specify which charities, if any, they would like to hear from. Those which don’t make the cut will be notified by the Fundraising Regulator and be given 28 days to cease all contact with the recipient. Any which fail to comply will be referred to the Independent Commissioners Office and potentially prosecuted under the Data Protection Act 1998.
These new measures emerged from a review following the suicide of 92-year-old poppy seller Olive Cooke in 2015. 70% of charities which had contacted Mrs Cooke, who received 466 mailings in one year and had 27 standing orders, had obtained her details from third parties. While Mrs Cooke’s family insist that the charities’ “intrusive” behaviour didn’t cause her to take her own life, a friend said she had been put “under pressure”. The high-profile case revealed bad practices of other charities across the UK.
There are countless other charities which don’t take the generosity of the British public for granted and pursue only fair courses of action to secure essential funding.
Yet uncertainty around the new rules and misunderstanding around insurance products means that organisations with only the best intentions could be caught out alongside those for which the hefty penalties were brought in to deter.
Guidelines on how to comply with GDPR can be found on the ICO’s website; it’s important that all charitable organisations are aware of how current and future data practices comply with the new rules, to avoid regulatory repercussions which could amount to thousands of pounds.
In such situations, insurance can help, providing it has the right features. McClarrons’ Care & Social Welfare Account Executive, Jonathan Copley, explains,
“We’re concerned that charities could be relying too much on certain features of their insurance which they believe will offer support in the face of regulatory action,” he said.
“Legal expenses and public liability are not going to offer protection in these circumstances, while company legal liability, which is part of a management liability policy, will. Professional indemnity could be useful, but only if there had been a financial loss. In cases such as these, that’s not guaranteed, so you take a gamble if you forego the only policy that’s actually going to perform.”
Management Liability insurance covers both individuals and organisations from alleged wrongful acts, such as a data breach or non-compliance, and can offer protection against claims made by regulators, including the ICO.
Jonathan said he would urge all charities to familiarise themselves not only with the new legislation that will take effect in less than a year’s time, but their own insurance policies.
“We will always ensure that our policyholders have insurance in place that befits them, and that they are fully aware of just how it does so. As charity and care specialists, we fully understand the risks the third sector faces from regulatory action, and would recommend all charities take this time to check their cover, or have their broker do so for them.”
For any questions on Management Liability insurance, contact Jonathan Copley.
Jonathan Copley, Account Executive
Tel: 01653 602647