Privacy Risks in Collecting Donations
Charities are increasingly employing commercial approaches to funding, lobbying and fundraising to fuel their invaluable work. In doing so, charities need to be cautious of mishandling the donor’s personal information that they collect together with the donation.
Donors are frequently being asked to provide information such as home address, email address and their mobile phone number. In some instances charities will not accept money unless this personal information is also provided.
After making a donation, a donor can receive letters, emails and phone calls, which some may find intrusive. Frequently these are from other charities as there is some sharing of databases that seems to be occurring in the industry. Provided charities make proper disclosures to donors, they can exchange donors’ details with other organisations. The question is however have they properly disclosed to donors that this will occur? This is often made worse by the fact that charities are exempt from Australia’s Do Not Call Register (DNCR), which allows Australians to reduce the amount of unwanted telemarketing calls they receive.
When it comes to handling personal information, charities are subject to the Privacy Act 1988 (Cth), which allows for the exchange of information between organisations but such use should be clearly set out in the collection statement. Charities must then ensure they collect and store data in accordance with the Privacy Act and provide donors with clear opportunities to opt-out of communications with the charity.
Australians give an impressive $12.5 billion a year to charitable causes and there is concern that this number would reduce if charities were subject to the DNCR rules, however charities need to focus on compliance with their privacy obligations or risk a backlash that will removed their privileged exemption to the DNCR.
Read more about charities, data collection and privacy here.
Olivia Coburn is co-author of this article.