Charities Not Getting It - Part 2
Long time readers may remember my rant about the problems I had making a donation for charitable work in Africa because charities wouldn't let you donate and walk away clean. Not without jumping through a lot of hoops anyway.
If you read the article you'll find that in the end I finally went with Care International, who are of a member of DEC but have no underlying religious agenda (unlike most of them). Their donations page simply has:
May we contact you by email? SMS May we contact you by SMS?
That's cool. Uncheck the first and you're done. They win.
But here's the problem. Today, despite me being a mailing preference service subscriber, I've got a begging letter from ... Care International UK. They didn't even bloody ask me whether or not this was acceptable but they're using my data to send me mail. That's outrageous.
Data protection principle 2 of our old friend the Data Protection Act 1988 says:
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
The purpose for which the data was obtained was processing a credit card donation. Any further processing to generate mailshots is a different thing entirely, especially when it's not been hashed against the mailing preference service list. So they fail on principle 2.
Data protection principle 5 says:
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
So why, four months after they processed my credit card donation, do they still have my address details (which is the only purpose for which they were obtained)? I think they fail here too.
I can feel a complaint to the Information Commissioner coming on.
|Tags: web design||Written 13/03/15|
You can follow these posts on Twitter at @Wibblings