Charity trustees, data protection and risk

Charity trustees, data protection and risk

Charity trustees are faced with many legal requirements and much guidance about good practice. Keeping on top of what is expected of them to comply with their duties and responsibilities as charity trustees is by no means easy. The need for charities and charity trustees to comply with legislation that is not charity specific, in addition to the requirements of charity law, makes life for charity trustees that much more difficult.
   
Compliance with data protection legislation is just one such requirement. Processing personal data will be part and parcel of the operation for many charities. Indeed, as the Information Commissioner acknowledged in its warning to charities this year, charities will very often be vulnerable to more serious breach of data protection given that they will often process sensitive personal data.

The fine of £70,000 imposed by the Information Commissioner on the charity Norwood Ravenswood Ltd, as reported this week, is the first of its kind. Perhaps fines of that size are unlikely to become common place. But the episode illustrates the very real risks for charities posed by lack of compliance with this legislation.
    
The consequences of non compliance will not always be so severe, of course. The Information Commissioner reported in August having issued three warnings to charities regarding the loss of personal data this year, which on the face of it does not sound so bad.

But when you hear that those incidents arose through the use of memory sticks and laptops, which are now commonplace, it does bring home the risks. Risks which would fall within the scope of the Charity Commission guidance Charities and Risk Management CC26 and which charity trustees are expected to manage and mitigate. (Risk in this area might potentially, but you would hope less likely, fall within the remit of Reporting Serious Incidents updated by the Charity Commission in September this year).

Help is at hand however for charity trustees looking to mitigate this particular risk. Start with the bespoke guidance for charities issued by the Information Commissioner in August on how to steer clear of danger, including five top tips and the opportunity to arrange free advisory visits. 

See http://www.ico.gov.uk/news/latest_news/2012/charities-urged-to-sign-up-for-ico-data-protection-check-up-top-five-tips-08082012.aspx

Charity Commission Public Benefit Consultation – what next for charity trustees?

Charity Commission Public Benefit Consultation – what next for charity trustees?

The Charity Commission’s Consultation on its draft Public Benefit guidance closed on 26 September.

The timing for the re draft was triggered by the ISC case of course. But the requirement for the Charity Commission to provide guidance ‘in pursuance of its public benefit objective’ is to be found in section 17 (1) of the Charities Act 2011. That public benefit objective, set out in section 14 of the 2011 Charities Act, is ‘to promote awareness and understanding of the operation of the public benefit requirement.’ (The public benefit requirement, just to complete the picture, being ‘the requirement in section 2 (1) (b) that a purpose falling within section 3 (1) must be for the public benefit if it is to be a charitable purpose ‘– section 4 (1) of the Charities Act 2011).

  

The draft public benefit guidance reflected the Charity Commission’s view, that that statutory objective means that any guidance it produces needs to deal with the duty of charity trustees to administer their charity for public benefit, just as much as it needs to deal with public benefit as part and parcel of a charitable purpose.

   

There will, no doubt, be different views about the Charity Commission’s approach. Some will take the view that the Charity Commission has gone too far: that its guidance should just deal with public benefit as it applies to consideration of charitable purposes. Others will be more comfortable with the approach set out in the draft guidance on public benefit.

The NCVO for instance, has made known their position expressed during the consultation, cautioning against a ‘light touch’ approach to regulating the public benefit requirement, in terms of the duties of charity trustees to run their charity for public benefit.

The Charity Commission has said that it hopes to issue the guidance in its final form later this year or early next. It will be interesting to see what changes are made to the draft public benefit guidance. Given the analysis of the law relating to public benefit produced by the Charity Commission which accompanied the draft guidance, it is perhaps unlikely that there will be a shift away from its current approach to guidance on the public benefit requirement.

Whatever changes might appear to the draft public benefit guidance in due course, charity trustees will still be required by those regulations made under section 162 of the 2011 Charities Act to report annually on public benefit. Complying with the Charities (Accounts and Reports) Regulations 2008 will require charity trustees to describe how they have carried out their charity’s purposes for public benefit. The reality for charity trustees is that, no matter what the final form of the public benefit guidance looks like, on a practical level they will need to continue to be able to demonstrate, each year, just who benefits from the work of their charity and how.