Charities, Data Breaches, Financial Losses & ISO 27001

Many organisations miss a major advantage of being certified to a management-system standard: it can head off financial loss before a regulator gets involved. A recent case illustrates the point.

BBC Report –

Two charities have been fined over data protection breaches after secretly screening donors so they could be targeted for more money. The Information Commissioner imposed penalties of £25,000 on the RSPCA and £18,000 on the British Heart Foundation over the so-called “wealth screening”. The charities also traded personal details with other charities, the commissioner’s office found. The RSPCA questioned the ICO findings while the BHF said it might appeal. As well as “wealth screening”, the charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources, and traded personal details with other charities “creating a massive pool of donor data for sale”, the ICO said. Information Commissioner Elizabeth Denham said donors had not been informed of the charities’ practices, and were therefore unable to consent or object to them. She also suggested other charities could also be engaged in similar activities. “The millions of people who give their time and money to benefit good causes will be saddened to learn that their generosity wasn’t enough,” Ms Denham added.

The above could well have been caught earlier had the organisations been ISO 27001 certified. Organisations certified to the standard are re-audited at least annually. If your certification body discovers a breach of security or of legislation during an audit, it raises a non-conformance against you. That is merely a piece of paper: you must document and implement a corrective action within a given timescale to keep your certificate, but there is no fine attached.

If the ICO discovers the same breach, the tale is different. While the fines above may not look excessive, the financial impact of the accompanying publicity, in lost donations and lost trust, could be enormous and far-reaching.

Similarly, a non-conformance under your ISO 14001 Environmental certification produces a piece of paper that guides you back to compliance and possibly avoids an environmental incident. A run-in with the Environment Agency could cost you tens of thousands.

A non-conformance under your OHSAS 18001 Health & Safety certification (since superseded by ISO 45001) produces a similar piece of paper that guides you back to compliance and possibly avoids an accident or harm to human health. A run-in with the Health and Safety Executive could land you in prison.

We do not like to sell standards to businesses on a fear factor, but apart from improving your organisation and giving access to new work, you should also consider the assurance that certification delivers: problems are found by your auditor, on your timetable, rather than by a regulator, on theirs.
