Charities fined over 'wealth screening' data breaches
Two charities have been fined over data protection breaches after secretly screening donors so they could be targeted for more money.
The Information Commissioner imposed penalties of £25,000 on the RSPCA and £18,000 on the British Heart Foundation over the so-called "wealth screening".
The charities also traded personal details with other charities, the commissioner's office found.
The RSPCA questioned the ICO findings while the BHF said it might appeal.
As well as "wealth screening", the charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources, and traded personal details with other charities "creating a massive pool of donor data for sale", the ICO said.
Information Commissioner Elizabeth Denham said donors had not been informed of the charity's practices, and were therefore unable to consent or object to them.
She also suggested other charities could also be engaged in similar activities.
"The millions of people who give their time and money to benefit good causes will be saddened to learn that their generosity wasn't enough," Ms Denham added.
Meanwhile, the Charity Commission said it had opened compliance cases into both the RSPCA and BHF.
The organisation's Sarah Atkinson said: "We are working with the charities concerned, the Information Commissioner and the new fundraising regulator, to ensure that any necessary remedial action is taken.
"The wider lessons for charities about their responsibility to protect donors' personal data must be shared and acted on."
The ICO said the two charities had employed wealth management companies to analyse the financial status of supporters.
During the investigation, the RSPCA told the ICO it had undertaken the practice since 2010. The BHF said its donors had been checked since "at least" 2009, but it would no longer do so.
Responding to the ICO fine, the RSPCA confirmed it no longer carried out wealth screening but said it disagreed with the data watchdog's conclusions.
Chief executive Jeremy Cooper said: "There is no suggestion that we lost or sold any personal data, but rather the ICO considered the information we gave to supporters on how their personal data would be used was inadequate.
"There has been one acknowledged contravention, through an inadvertent error, which we ourselves brought to the ICO's attention."
"We always strive to ensure that our practices fully comply with all relevant legislation and are carried out to a high standard."
BHF chief executive Simon Gillespie said the ICO's conclusions were "wrong, disproportionate and inconsistent".
"The trust our supporters put in us demands high standards of fundraising and we take the data protection responsibilities that come with this very seriously," he said.
"We find the decision surprising, as earlier this year in June the ICO praised our data handling."
He added: "Our trustees will therefore consider whether it's in the interests of our supporters and beneficiaries to challenge this decision."