Home » Topics » Governance, Risk and Compliance » Charities at high risk of serious data breach – ICO

Charities at high risk of serious data breach – ICO

by Ed Reeves

Charities are "potentially more susceptible to encountering a serious data breach" than other organisations, according to the Information Commissioner's Office.

The sensitive nature of the data that charities often handle, the ICO said, means they could be more likely to suffer a serious breach, putting them at risk of receiving a fine of up £500,000.

The ICO published a list of the five main areas for improvement where charities can improve their data practices. These are using strong passwords, encrypting portable devices, ensuring staff receive adequate training, letting people know what they are doing with their data and only keeping people's information as long as necessary.

“The top five list we’ve published has come from feedback we’ve found on visits we’ve already carried out, where we found many of the same problems,” an ICO spokesman told Information Age.

The data protection watchdog is also encouraging charities to make use of the free data protection 'check ups' it offers to small and medium-sized organisations. These advisory visits, which can range from a few hours to a day, give organisations the chance to discuss and receive advice from the ICO on improving data protection practices.

Sam Younger, chief executive of the Charity Commission, encourage UK charities to take the ICO's advice. “Trustees are responsible ensuring their charity complies with relevant legislation – including the Data Protection Act – and for protecting their charity’s reputation. Mishandling sensitive data not only causes individuals serious distress, it can also damage the good name of your charity. So I encourage trustees of charities that handle sensitive data to take note of the ICO’s guidance and consider taking part in an ICO advisory visit.”

The ICO has also published a guide to advisory visits as well as summaries of select ones that have taken place. In July, the Legal Services Board (LSB) used an advisory visit from the ICO to brief staff on how data is collected, processed, archived and destroyed. Feedback was also provided on data minimization, transparency, data protection principles and data on mobile devices.

Ed Reeves

Ed Reeves co-founded Moneypenny with his sister Rachel Clacher in 2000. The company handles more than 9 million calls a year for 7,000 UK businesses and employs almost 400 members of staff. Reeves remains...

Related Topics

Related Stories

Governance, Risk and Compliance

Two ways to improve GDPR enforcement

Martin Davies of Drata explains how GDPR is currently enforced and how enforcement could be improved across the European Union

Governance, Risk and Compliance

Four in five IT leaders concerned about data compliance

Cloudera research reveals that 79 per cent of IT leaders see compliance as the main data management concern, despite widespread investment

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Governance, Risk and Compliance

What unbundling Microsoft Teams will mean for EU customers

In the midst of an EU antitrust investigation, Microsoft Teams is now set to be offered to businesses separately from its Office suite