Yesterday the BBC published a story putting charity fundraising under scrutiny. Having worked with a few large charities I can see the difficulties they face. Many charities employ third party collectors or agencies to engage the public and collect donations and/or introduce new regular donors. This is a pure out and out sales activity and one which is, in my opinion, not easy to manage as the charity is at least two steps removed from the actual sales effort. Coupled with that, in my experience the contractual arrangements of such activities is not well documented – particularly in respect of the legal relationship and responsibilities regarding data. We’ve found many instances of charities employing several data a processors with no data processing agreement in place and only very basic data protection provisions in a commercial agreement. In many cases the collector has proposed the commercial agreement which the charity has adopted to reduce its legal fees – but this is false economy as the agreements like this are stacked in favour of the collector and contain very weak data protection provisions.
Keeping a log of all such arrangements, using robust data processor agreements giving the charity the rights it needs to protect itself and members of the public is vital. We’re often asked to carry out due diligence on collectors for charities and have been on several site visits to assess their operations – particularly from an information governance and management control perspective. Pre-contract due diligence is another vital process that charities need to undertake.
In my experience charities generally expect collectors to behave responsibly and respectfully – but these are independent commercial sales operations that are usually incentivised by an income based on funds raised.