Mike Adamson is chief executive of the British Red Cross. Prior to this Mike was managing director of operations and held several other positions in the organisation between 1992 and 2003, including head of international programme development, director for the London and south-east region and director of strategy, planning and information systems.
In January this year, I agreed to take on the chairing of a special working group to develop recommendations about the principles that should underpin charities’ relationships with their donors, particularly in relation to the management and use of their personal data for fundraising purposes.
I agreed to do this because I think the external world has changed profoundly. Be it in relation to the general unease around data security and privacy in all sectors; or the noticeable decline in trust in charities, rightly or wrongly manifest in criticism of our fundraising practices.
We need to ensure we embody our values when we communicate with both donors and potential donors.
In parallel, on 4 May the EU Official Journal published the EU General Data Protection Regulation (GDPR), setting out new rules in relation to the management of data. The Regulation will come into force on 25 May 2018.
This marks the start of a countdown towards a new regime of data protection that focuses on ensuring people have real choice and better control about how their data is used. Two years may seem a long time, but the changes that will be required are considerable, and preparations need to start now.
So, where has the working group got to?
Our vision for the future
Our vision is of a world where donors and potential donors have meaningful control of their relationships with the charities they support.
Donors and potential donors will have informed choice over how their data is used and by whom, just as we as customers would expect in other parts of our personal and professional lives. And charities will be fully transparent and accountable to their donors and potential donors, enabling them to build a relationship of trust and enduring engagement.
The key building block of our recommendations is the concept of ‘freely given, specific, informed and unambiguous consent’. Our aim is to ensure that such quality of consent is secured for all our fundraising communications.
The recommendations will represent good practice and reflect the public’s increased expectations in these areas. Our aim is that they are ethical, practical and enduring. So we will go beyond the strict letter of the law, because we believe the sector needs to do the right thing consistently for the long term, not just where it is required now.
As we develop the recommendations, we are committed to reflect the following key principles:
- Donors and potential donors must be able to easily express their preferences about whether and how they wish to be contacted by the charities they support, including whether they wish to stop being contacted.
- Charities must respect individuals’ preferences and ensure they can update or confirm their preferences at regular intervals appropriate to the nature of the contact and channel.
- If a donor or supporter tells an organisation that they don’t want to be contacted (at all or in a certain way), the organisation must take notice and honour the request.
- Charities must respect the privacy of their donors and potential donors, and must never engage in the following when fundraising:
- selling donor data
- exchanging donor data
- telephone cold calling
- Charities must not presume that consent lasts forever, and must ensure consent is appropriately refreshed. The period within which consent must be refreshed may vary according to the intrusiveness of the channel of communication, nature of the institution or type of engagement involved.
- Charities must be transparent in their use of data, ensuring donors and potential donors can easily understand what is happening with their data.
- Charities must handle donor information in a safe, secure and sensitive way, demonstrating they can be trusted to handle personal data.
- When charities secure donor data for fundraising purposes from a third party, they must ensure that appropriate quality assurance measures are in place, so that donors and potential donors have been able to express their preferences about whether to be contacted.
- When charities use external suppliers to contact current or potential donors, they must take full responsibility for the way in which these contacts are handled, as if they were doing it themselves, and ensure a comprehensive quality assurance framework is in place to oversee it.
- Charities must only keep donor information for as long as necessary. They must establish appropriate retention periods and set up a process for deleting personal information once it is no longer required.
There is still a lot of work to be done. In particular, there are a number of key issues on which we will continue to engage with the wider reference group, in order to ensure our recommendations reflect as much as possible different charities’ concerns and priorities.
Some of the questions we need to address:
- How ‘specific’ does unambiguous consent need to be?
- How often should charities refresh consent?
- How do charities make the transition to securing unambiguous consent?
We will also be testing our assumptions with the wider public, so that the changes we make will meet people’s expectations.
The recommendations, once finalised, will first of all be submitted to NCVO’s board of trustees for sign off. They will then be provided to the Fundraising Regulator as input when it updates the Code of Fundraising.
Ultimately, our aim is for the recommendations to be endorsed by the new Fundraising Regulator as good practice, and included as such in any updated Code of Fundraising.
Of course we acknowledge that it is unlikely we will have full consensus: some of the recommendations will be challenging for all of us, and will almost inevitably lead to a drop in our income, at least in the short term until we develop new approaches to develop deeper, more enduring relationships with donors.
But we also need to accept that the time has come to take a leap and put our donors’ wishes first. Only this will help restore the trust that is so essential to our continued existence, and to our ability to make a difference to our beneficiaries and wider society.