Tag: prospect research

The Factary Screening Revolution

Posted on by NicolaW

In early 2017 Factary took the bold step to revolutionise the way we undertake Wealth Screenings. We launched our new Screening product in December 2017 and now, 16 months later, we have been able to reflect on the highs and lows of this process, and analyse the pros and cons of our new system. We thought we’d share our experiences here as they may prove useful to those who may be thinking of undertaking a Screening now or in the future.

Why did we change our approach to Screening?

To carry out our Screenings we used to hold a dataset of wealthy and philanthropic individuals (including data such as name, address, wealth analysis and data on professional / philanthropic interests for each individual). In 2017, in preparation for GDPR, like most other organisations we undertook full Privacy Impact Assessments (PIAs) on all of our products and services that made use of personal data. The PIA for Screening identified that, as the individuals held on our database were not aware that we were processing their data, and as some of the data would be deemed ‘intrusive’ (e.g. wealth analysis), our Screening posed clear risks to the individuals on the dataset (and, also, to us as an organisation and to our clients).

Ultimately, the PIA showed we had three choices: contact the individuals to ask for consent; attempt to justify the use of data under legitimate interests (and provide privacy notices to all the individuals on th/e dataset), or; stop Screening using this dataset entirely. We did not feel the first two options fully mitigated the risks involved to individuals, to Factary or to our clients, so (with the knowledge of the ICO) we decided to delete our dataset of wealthy and philanthropic individuals and start from scratch with a new Screening method.

Our new method

Full details on our new approach can be obtained by contacting us directly or reading more on Factary Screenings elsewhere on our website, but essentially we now make use of a number of data points to analyse a client dataset and identify those individuals likely to be major gift prospects. These data points include socio and geo-demographic data pertaining to 1.3m UK postcodes, bespoke and anonymised in-house wealth data points compiled from past Factary research, philanthropy data (to identify potential links to grant-makers & charities), and professional / business data (to identify links to top companies). None of this data is classified as personal data. We also make use of some datasets which hold names only, such as data from Factary Phi and some data from published Rich Lists. Alongside this, we make use of client data denoting connection or affinity (such as donation history, membership details, event attendance, ongoing relationships and much more) as our Screening approach doesn’t just focus on identifying the wealthiest amongst a support base but also those prospects likely to be warm to the cause or organisation.

So, does our new approach work?

We admit that this whole process was a bit of a gamble – it was a bit of a scary leap into the unknown and we had no real idea as to whether or not it would work (and we are very thankful to the small number of clients who helped us run pilot Screenings on their data in 2017 to allow us to review the outputs and efficacy of the new approach).

Thankfully, we are happy to report that the new process not only works, but is proving to be even more effective than our old approach. There are a number of reasons for this. Firstly, we are no longer relying on a static database of well-known individuals. We are now drawing from a variety of in-house datasets which has massively broadened the potential pool from which we can identify prospects and has naturally resulted in an increase in identified major donor potential.

Example output from Factary's new Screening report
Example output from Factary’s new Screening report (showing results by ‘Capacity’)

Secondly, due to the new focus on demographic and occupational analysis we are able to identify wealthy individuals that would have previously been difficult to identify. This expanded focus, which is not reliant on prospects who are likely to be identified from static sources such as Companies House, has shown that we also now have a higher chance of being able to identify the very wealthiest prospects from professional sectors that were hugely underrepresented in our old approach (e.g. prospects with affiliations to investment firms or hedge funds).

Ultimately, this new approach to identifying prospects is more rounded and multi-layered which, when coupled with our bespoke analysis of giving history and affinity data, identifies a much wider range of wealthy and philanthropic individuals who can be prioritised not only by capacity to give but also by warmth/motivation towards the organisation or cause.

Example output from Factary's new Screening report
Example output from Factary’s new Screening report (showing potential philanthropy matches against Factary Phi)

The cons

Of course, as with any process, it’s not fool proof. The new approach has its cons, too. For example, as one of the main drivers of our Screening is postcode data we are very reliant on clean address information in order to achieve successful results. Clients with out of date address data are unlikely to obtain the same results as those with clean data. That said, under GDPR we have found that many organisations have worked hard to ensure the data they hold is clean and accurate, so this is less of an issue than it might have been a few years ago.

Another slight downside is that not all individuals indicated as wealthy at the initial Screening stage can subsequently be identified from manual research in the public domain at the reporting stage, and for some we cannot confirm wealth. This means that a small percentage (around 17%) of identified prospects can ultimately not be included in the final reports. This does, however, highlight that our Screening involves a very careful process whereby an individual researcher reviews the results to ensure only relevant and verified major gift level prospects are included in the eventual pool (from a GDPR perspective this is important due to the process of justifying the type of individual that might ‘reasonably expect’ to be researched).

So, what are the typical results you can expect?

Given the pros and cons listed above, what are the typical results you can expect from the new Screening process?

The overall breakdown of results (by wealth band) so far is shown below. This includes the percentage of prospects we have researched and verified at various wealth levels, after removing those prospects who cannot be identified in the public domain or who are not relevant for a major donor programme.

As can be seen, the results show a spread across levels of estimated wealth, with £1m-£5m being the most predominant (as expected) and then a more or less equal split between those with wealth of £5m-£10m, and those HNWIs at £10m+. As can be seen, our new approach also includes prospects with wealth of £500k-£1m (as, according to research, these prospects would have an annual gift capacity in the region of £5k-£10k, which easily puts them into a major giving category for the majority of our clients).

Unfortunately, it is difficult to use the data we have so far to provide an estimated breakdown of likely major donor potential (by wealth category) that can be identified from a ‘typical’ dataset as, predictably, the results do depend on the type of organisation we are working with, and the quality of the data we receive. For example, for one independent school we identified that 41% of the database had major donor potential (wealth >£1m), but as these types of datasets are likely to have an unusually high percentage of wealthy individuals it is not indicative of potential results more broadly.

However, results from numerous other charities (working in health, international development, arts etc.) so far show that the identification rate for >£1m prospects has been typically 3% – 5%. This is heartening as research undertaken in 2017 by Boston Consulting Group (BCG) showed that approximately 3% of UK households are millionaires. This indicates that our results mirror the wealth demographic in the UK but are also reflective of the fact that our clients typically segment their datasets to send us those prospects who are most likely to ‘reasonably expect’ to be researched (so their segmentations are likely to include a higher percentage of wealthy and philanthropic individuals than their wider datasets as a whole, meaning we may often identify >3% with major gift potential). Alongside this, because we also identify a relatively robust number of prospects at £500k – £1m, the eventual pool of potential prospects is typically quite broad for all of our clients.

These typical results also represent an increase in identified major gift potential when compared to our previous Screening results, which would, on average, identify 2.88% of a donor dataset (as was outlined in our ‘Guide to a Compliant Wealth Screening’ which can be accessed here).

TL;DR? It does work!

Ultimately, what this data has shown us is that our new process does actually work in identifying a broad range of potential major donor prospects for our clients, which is something of a relief for us! To have taken the bold move to stop using our in-house dataset was a daunting prospect for us, but to have found that not only could we continue to provide clients with a GDPR-compliant service to identify major donor prospects, but that it was actually even more effective than our old system has been very exciting. We are not resting on our laurels though – we are constantly reviewing and revising our processes to tighten up results so, hopefully, our Screenings will continue to improve in the coming months. Do please get in touch if you’d like to talk about the average results from your particular sector so you can see what the ROI from a Screening might be when translated into major gift potential for your organisation.

The GDPR bit…

…because what blog post about Screening would be complete without a GDPR section?

There are still a number of organisations in the sector who still ask if wealth screening is legal. The short answer is yes, it is. The longer answer is yes…as long as your organisation has met a number of requirements, which include:

Identify a condition for processing

You need to choose whether to rely on ‘consent‘ or ‘legitimate interests‘ to process data for wealth screening (you may find our previous papers on Legitimate Interest and Prospect Research and Factary’s Guide to a GDPR Compliant Screening useful in this regard).

Analyse your legitimate interests

If relying on legitimate interest (as, for example, 97% of higher education institutions are reported to be doing), the ICO outline that there are three elements to review, which are:

1. Identify a legitimate interest – what are the purposes for processing the data?

  • Your organisation will need to be able to identify and demonstrate the reasons or purpose of undertaking a Screening. For example, you may outline that Screenings are used to identify those individuals from amongst a wider existing supporter base who may be able to offer financial support at a significantly higher level and to prioritise those who should be approached for a major giving programme
  • It may also help to review the results of this academic study which provides evidence to support the use of research as an integral process in fundraising. For example, the paper shows that:
    • 95% of fundraisers state that research enables them to identify relevant prospects
    • 100% state that research is necessary for understanding prospects’ capacity to give
    • 100% state prospect research enables their organisations to prioritise the prospect pool
  • Of course, Screening also ensures that individuals who are not able to support you at a significant level do not receive irrelevant approaches from your organisation, which is another clear purpose of doing it. As evidence for this, the study cited above shows that 82% of fundraisers agree that research processes minimise the chance that inappropriate approaches are made to potential donors.

2. Show that the processing is necessary to achieve the purposes identified

  • The ICO outline that data processing must be necessary and further state that if you can reasonably achieve the same results in a way that does not use personal data, then legitimate interests will not apply. Whilst our Screening does not use personal data we would still be processing the personal data held by your organisation, so this aspect of GDPR still needs to be analysed before a Screening is undertaken.
  • The necessity of Screening can be evidenced by understanding how important major gift fundraising is to the continued success and operation of your organisation, including that major donors not only provide financial support but also contribute in other, less tangible ways, such as bringing expertise, skills and their professional or personal networks to provide support and guidance to non-profits (Eberhardt S & Madden M (2017) Major Donor Giving Research Report. London: NPC).
  • Screening is typically the first step in major gift fundraising as it enables you to identify relevant prospects for a programme in an efficient, cost-effective and accurate way.
  • Other methods for identifying relevant major gift prospects were reviewed in the academic study outlined above, including data mining / segmentation (such as analysing a donor or alumni database to identify those who are making abnormally large or out-of-pattern gifts, or from modelling their dataset to identify individuals with similar characteristic to their major donors), or from sending questionnaires to constituents on a database and asking for details on salary / professional info etc. Results from the study (see page 22 onwards) showed that the vast majority of fundraisers felt that, even if organisations undertake other methods then prospect research processes would still be required in order to, for example, identify sufficient numbers of major gift prospects.
  • Using the type of evidence and arguments outlined above, you can prove that Screening is necessary and that the results from Screenings cannot be achieved by using other methods.

3. Balance the processing against the individual’s interests, rights and freedoms

The ICO state that you must balance your need to undertake processes such as Screening against individuals’ interests. If the individuals would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests.

  • It is important, therefore, to be able to explain / evidence that activities such as Screening do not have a disproportionate impact on individuals. Our paper on Legitimate Interest and Prospect Research contains an overview of the type of processes to go through, the questions to ask and the evidence that can ultimately be gathered in order to do this (see page 15 onwards).
  • Additionally, we recently conducted a study into privacy notices which can be accessed via our blog. This provided very clear evidence that, when individuals are contacted to be informed that organisations are undertaking Screening (by receiving a privacy notice), very (very) few of them react negatively. For example, as the blog shows, only 0.0000411% of (almost 2.5m) individuals chose to opt out of their data being used in prospect research when given the opportunity. This, as we outline in the blog, “…provides an evidence base that can be used to argue that the balancing exercise carried out by non-profit organisations to review individuals’ interests, rights and freedoms was fairly judged because, if it hadn’t been, then presumably the number of individuals complaining about or opting out of prospect research would be significantly higher”.

4. Transparency:

One of the 7 principles of the GDPR is ‘lawfulness, fairness and transparency’. Some of the processes outlined above will ensure you are meeting the standards of lawfulness and fairness required for this principle, but adhering to ‘transparency’ is vital – particularly when it comes to Screening as a lack of transparency formed the basis of the ICO fines to charities for Screening in 2016.

  • Transparency is achieved through the provision of a clear and concise privacy notice. Plenty has been written about how to write a good privacy notice and what to include but there are now some great examples of privacy notices which include Screening in their scope (see here and here).
  • If you do not provide individuals with a privacy notice your organisation cannot claim that it has upheld the rights of individuals (as required under the GDPR), specifically those such as the right to be informed, the right to restrict processing or the right to object to processing.
  • Incidentally, this principle formed the basis of Factary’s decision to delete our database of wealthy individuals that we used to hold for Screening as our PIA showed that we did not allow individuals to exercise their rights (as they had not received a privacy notice from us outlining the reasons for which we used their personal data).

The four elements described above that need to be reviewed/worked through in order to undertake a compliant Screening may feel slightly onerous, but they are imperative if your organisation wants to move forward with any type of data processing for fundraising.

Further discussion

If you’d like to chat about Screenings, or how to approach undertaking a DPIA or analysing the GDPR requirements around Screening then please do get in touch.

The role of prospect research in major donor fundraising

Posted on by NicolaW

As part of an MA in Philanthropic Studies (undertaken at the Centre for Philanthropy at the University of Kent) I completed a study which aimed to identify the role that prospect research plays in major donor fundraising. The study involved a survey, undertaken in 2018, of major donor fundraisers and prospect researchers working in higher education institutions in the UK. I’m pleased to say that the results of the study are now available to download.

Download report:
The role of prospect research in major donor fundraising

As a quick summary the results of the study cover a number of areas, such as:

  • The activities commonly undertaken by prospect researchers
  • The purposes or reasons for which fundraisers use prospect research
  • How necessary fundraisers feel research is to their work
  • The ways in which prospect research contributes to fundraising
  • Prospect research metrics (i.e. what data is being gathered on the output or impact of prospect research)

In particular, the results can be used by non-profit organisations when analysing the use of personal data for prospect research purposes under the GDPR. Until now, the non-profit sector did not have a reliable evidence base which outlined the purpose or necessity of prospect research, nor which identified if the purposes of prospect research could reasonably be achieved by other methods (which do not use personal data) – all important areas to analyse, particularly for those organisations relying on their Legitimate Interests to process personal data for prospect research. In practical terms, the data and evidence presented in the paper can now be used by any non-profit organisation when completing, for example, a Legitimate Interest Assessment or a Data Privacy Impact Assessment.

Beyond GDPR, the paper highlights that, on the whole, the prospect research community is not particularly good at gathering evidence which illustrates the impact (or the ROI) of prospect research. That said, it does also show that the vast majority of major donor fundraisers are overwhelmingly positive about the ways in which prospect research supports them in their work.

If you think it might be useful for you or your organisation, please do download the paper and (when sufficiently caffeinated) have a read. I’d be more than happy to answer any questions or chat about the data/paper in more detail if you’d like to get in touch.

Nicola Williams

The road to GDPR for prospect research

Posted on by NicolaW

We recently undertook a survey of prospect research teams in the UK to find out how they are coping with GDPR preparations. We’d like to thank each of the 95 respondents – your answers have given us a real sense of the current situation for the prospect research community as we all work towards May 2018.

We thought it might be useful to share some of the responses as we know that many prospect researchers are struggling with GDPR and it may help to know that you are not alone! That said, it’s not all doom and gloom out there, as the answers to the survey reflect, and there are many positives that we can take from the results.

First, the not-so-good news

Perhaps unsurprisingly, the overwhelming feeling from most of our respondents (77%) is that there is still a lack of clarity around GDPR – specifically around how prospect research can operate in a compliant fashion within the principles of GDPR.

There are also concerns with the practical aspects of GDPR preparation; over 34% of respondents would like more information on undertaking a privacy impact assessment and 38% of respondents are struggling with understanding how to integrate GDPR practices with their CRM system.

Frustratingly, almost 35% of prospect researchers reported that they have not been involved in the GDPR discussions at all in their organisations so they feel they have been unable to provide valuable input to the process.

Some of the other concerns highlighted by our survey are:

  • Misinformation or conflicting advice on GDPR issues is very confusing and unhelpful when it comes to planning
  • The lack of evidence that supports the need for prospect research which can be used to argue the case for continued prospect research with senior leadership
  • The difficulty of understanding and analysing donors’ reasonable expectations
  • The lack of support from leadership within organisations in preparing for GDPR, and the lack of communication between teams on this issue
  • The potential impact of GDPR on smaller organisations is worrying as they may not be able to fully prepare in time for May 2018 due to a lack of resources
  • PECR seems to be a particular concern for many, especially when it comes to consent for channels of communication and how this integrates with GDPR requirements
  • The overwhelming workload and resources required to prepare for GDPR

All that said, it wasn’t all bad news…

Readiness for GDPR

Whilst only 2% of respondents stated that they are ‘completely ready’ for GDPR, the vast majority of respondents, 91%, stated that, for prospect research at least, their organisations are ‘not quite ready, but getting there’. Only 4% of respondents felt that they are ‘not at all’ ready.

Consent or Legitimate Interest?

Most interesting to note from the results was that 54% of respondents stated that their organisation will be relying on legitimate interests as their basis to process data for prospect research purposes.

Only 3% noted that they will be relying on consent as their basis for processing whilst almost 35% of respondents stated their organisations were not yet to make a decision on this.

Privacy Notices

Only 16% of respondents felt that writing privacy notices / policies was an area of concern for their organisations – this is perhaps due in part to the specific guidance that does exist in this area.

Hearteningly, over 63% of organisations have updated their privacy notice to be GDPR compliant. Just over 26% have not yet done this, and 10% of respondents were not sure on the state of their organisation’s privacy notice.

Of the 63% which have updated their notice, over half (58%) have now uploaded this to their website. Only 14% have taken the step to post or email this updated notice to their supporters but this number will inevitably grow at a pace as we work towards May 2018.

Impact on prospect research activity

We also wanted to find out whether researchers have been able to continue providing prospect research services in recent months as the answer to this may help us to understand the likely long-term impact of the ICO fines and GDPR preparation.

The results below show the 5 main areas of prospect research activity and the % of respondents who stated they have either a) stopped doing this activity altogether, b) paused this activity whilst they prepare for GDPR, c) have continued to do this activity or, d) were unable to answer or didn’t do this activity in the first place.

Type of researchStoppedPausedContinuingD/K or N/A
Database (Wealth) Screening31%41%7%21%
Individual research/profiling4%21%68%7%
New prospects identification4%18%69%9%
Due diligence research1%3%78%18%
Network research4%13%57%25%

We have followed up specifically with those individuals who stated they have ‘stopped’ or ‘paused’ Database Screening to obtain more details on these decisions, and we will be able to provide more insight into this at our session with Prospecting for Gold at the RiF Conference on November 6th. For those unable to be at the conference we will follow up with a blog about this shortly afterwards.

For now, it is heartening to see that, aside from Screening, the majority of prospect research activities have continued, although some have fared better than others.

Due diligence in particular seems to have continued, with only 1% of respondents stopping this activity and 3% pausing it. Individual research (i.e. profiling), which was previously undertaken by over 92% of respondents, has stopped or paused in a quarter of organisations as GDPR preparation is undertaken.

Network research was highlighted in the open questions as a particular area of concern, with many unclear how to balance GDPR requirements with the need to identify relevant contacts of key supporters, although of the 50% of respondents who previously undertook this type of research, 86% are continuing to do so, so it is unclear how much this has been affected in reality.

It will be interesting to review the long-term consequences of organisations stopping or pausing these activities as we look in particular at major donor income in 2018 and beyond. Many respondents in the open questions highlighted their concerns that their particular organisations and institutions are losing opportunities to identify and engage potential supporters for fundraising during the process of preparing for GDPR.

The future

Whilst this is a worrying time, there was a view from many respondents that GDPR will ultimately have a positive impact on prospect research…in the end.

This is because despite being, as one respondent put it, “painful”, four of the main benefits highlighted were:

  • GDPR will help to promote prospect research within organisations and institutions (as one respondent put it, “We are no longer a dark art!”)
  • It will make prospect research more efficient and effective
  • The process will educate supporters, donors and the public in how non-profits operate/fundraise, which is a good and positive thing
  • The situation so far has shown researchers to be resilient – working hard and standing up for themselves and the sector

So, the future seems bright but, in the present, if you are one of the many researchers who would like more clarity on specific issues, we know that the IoF are working to produce some specific GDPR guidance for prospect research. We don’t yet know when this will be available, but it will hopefully provide some much needed insight into how we can better prepare for GDPR.

Whilst you wait for that, you may want to download our paper on legitimate interests and prospect research, as it signposts to other useful pieces of guidance and gives a basic overview of the GDPR situation.

If you’d like more details on the survey or would like to chat about prospect research and/or GDPR, please do get in touch with me.

Prospect Research and Legitimate Interests

Posted on by NicolaW

Something quite remarkable happened a few weeks ago. I went to a conference on GDPR (the CASE Regulation and Compliance Conference) and, by the end of the day, I was actually feeling upbeat, hopeful and – even – vaguely excited about the future of prospect research. This was not at all how I was expecting to feel after a GDPR conference, based on the countless other GDPR conferences and events that I have attended over the past 18 months which have mostly left me feeling a mixture of despondency and frustration.

So, why the sudden shift? Well, a few things. Firstly, the brilliant presentations were, for the first time, practical, focusing on what people are working on and achieving as they build towards compliancy for GDPR. To be at a GDPR event which was about positive action in regards to things like privacy notices or data analysis, and not just about all the things we can’t or mustn’t do, felt like progress.

Secondly, there was a real focus on analysing the ‘legitimate interest’ condition for processing data for prospect research. This is a huge step forwards. For too long now ‘legitimate interest’ has been viewed as a second-best option, a condition for processing that non-profits can maybe use, which is kind of OK, but probably just not quite as good or as ‘safe’ as consent. Obviously, this is due in no small part to the Regulator and ICO’s view that non-profits should probably get consent for wealth screening (by which they seem to imply most forms of prospect research). Alongside this, as Adrian Salmon’s recent blogpost highlights, one of the problems of principles’ based regulation is that, whilst it should encourage flexibility, it tends to lead to a “very conservative compliance mind-set”. So, it was great to see the all the relevant conditions for processing being analysed in an informed and practical way at the conference.

And lastly, many Higher Education Institutions (HEIs) are actively choosing legitimate interests (after careful analysis) as their condition for processing data for prospect research. This is another good, positive step.

All that said…

There is still confusion and misinformation. In the past two weeks alone I have received a number of emails from researchers who are still asking if wealth screening is illegal or if they need to get consent from all their donors before doing research. I also speak to many organisations that have suspended some or all forms of prospect research whilst they try to work out their next steps. Occasionally, I speak to smaller charities who have no idea that any of this is even happening.

So, despite great advances in the HE sector and with some charities, it is clear that there is still a long way to go for prospect research before we reach May 2018, when GDPR becomes law.

The main aspect which seems to be paralysing many organisations is the question of whether to rely on consent or legitimate interests as the condition for processing for prospect research. Many researchers have been tasked with coming up with a plan for assessing this and making recommendations, which is a tall order. Much has already been written about consent (see, for example, The Fundraising Regulator’s Guidance on Consent) and we thought, therefore, that it might be useful to add some thoughts around legitimate interests, specifically in relation to prospect research.

Please click here to download our paper on this, which is a meander around the topic (you’ll be asked to subcribe to Factary Updates, so you’ll receive other reports and updates like this in the future). We hope the report is useful. Please do come back to us with any questions or comments. Also, remember that we are not data protection lawyers, so don’t make any decisions based solely on the information we provide!

It ends with Google

Posted on by Chris

On Tuesday I spent the morning at the Ship2B Foundation in Barcelona. Ship2B brings together social change organisations – charities and social enterprises – with grant-making foundations, companies, family offices and venture philanthropists. The social change organisations work on themes in ‘Laboratories’ where the foundations, companies and philanthropists provide advice, contacts and money to accelerate their growth, to ‘scale.’

I sat in on a presentation by the Water4Life lab group. Here were a range of projects on water use and water management. One project was using data from Aigües de Barcelona, the Barcelona water utility, to pinpoint areas of poverty in the city based on how much water each household was using. The project was analysing mass data gathered for one purpose (water supply bills) and using it for another (mapping and understanding poverty).

Which led me to think about the Information Commissioner’s current focus on public domain information collected for one purpose, being used for another.

The ICO have told charities that “publicly available data…is not fair game.” It is not enough to claim that you have a “legitimate interest” in using data from public registers such as Companies House, and news and press reports; you “must balance this against the prejudice to the rights and freedoms of individuals.”

The team at Factary is working hard to ensure we are fully compliant with this new emphasis from the ICO. So this week we contacted one of our suppliers to check that their data was fully compliant. They told us that “…in light of the new GDPR legislation we are currently in discussions…” with suppliers. This is a leading data house that provides data drawn from Companies House. Their end supplier is Companies House.

The Supply Chain

Factary – and any prospect researcher who uses UK companies information from one of the large data houses – is in a supply chain that starts at Companies House. At some point, someone is going to knock on the door of Companies House and ask “are you compliant?”

Before they made their data freely available to anyone, Companies House earned £8.7m in a year, selling it to data users. I have been registered at Companies House as a director since 1990. I have never, ever, had a letter from them asking me if it’s OK to publish my name and address in their register, and then to sell that data on to the big data houses.

I was never asked, because Companies House had a duty in law to gather my personal information and publish it. They turned my private information into public information. They promoted my private information “to power a great range of products” and to encourage “even more people to explore and use [the] data.”

Companies House represents the contradictions at the heart of the legislation that ICO is forced to apply. Data from Companies House that we all believed to be publicly available, and in which we all had a legitimate interest, is no longer “fair game.”

So who is the biggest supplier of publicly available data?

Google, of course.

A Little Light Googling

Every day, millions of people in Britain type the name of a person – a celebrity, a footballer, a friend, a company owner – into Google. Google returns thousands or millions of results; “Theresa May” returns 24 million publicly available results this morning, ranging from press reports to biographic reference sites.

I did not ask the Prime Minister if I might check her name in Google. I am certainly prejudicing her right to privacy by putting her name into Google, because thanks to Google I can see all sorts of scurrilous, unrepeatable stuff about our glorious leader.

Google is a massive re-purposer of publicly available data. Data gathered for one purpose (selling newspapers, or adverts in scurrilous blogs) is re-purposed every single day by Google on behalf of its millions of users.

This is where the contradictions in UK privacy legislation are crystallised. This is where the ICO is heading in its search for the right balance between legitimate interest and the rights and freedoms of individuals.

I want to be a fly on the wall when the ICO knock on the door of number 6, Pancras Square, London N1, the UK headquarters of Google. That battle – between the ICO and Google – will be one to watch.

5 Questions to Ask the ICO

Posted on by NicolaW

The Information Commissioner, the Fundraising Regulator and the Charity Commission are due to meet fundraisers in Manchester tomorrow, on Tuesday 21st February, for the Fundraising and Regulatory Compliance Conference. The ICO have produced a conference paper for delegates to read prior to 21st, which can be accessed here.

The paper, amongst other things, sets out the ICO’s view of data protection in relation to Database Screening and, it seems, prospect research – although, whilst it mentions ‘Screening’ specifically, the paper rather ambiguously only refers to other [research] “…activities such as profiling individuals”. We do need to get some clarification on what they mean by this but, from the context, it does appear to refer to researching donors and supporters using public domain sources and/or using information not supplied directly by the data subject (so, prospect research).

The paper initially outlines why an organisation should use a privacy policy to explain how they make use of data. It then explains the ‘legitimate interests’ condition in relation to the DPA. In this sense, the paper is useful in outlining that charities need to be honest and fair in their processing of data. This is something that cannot and should not be argued with. As we have said before (e.g. here and here), all charities must make sure they have robust, fair and easily accessible privacy policies which openly explain how they collect, store, use and process data.

The conference paper outlines situations in which such a policy must be communicated to a supporter, some ways this can be done, and even when it is not necessary / practical to do so. This is all useful and welcome information. We now hope that perhaps the Fundraising Regulator will issue some sample privacy policies at the conference on Tuesday that provide examples of the language that charities can use to comply with fair processing of data for fundraising.

However, the paper then states that it is ‘highly unlikely’ that charities will be able to rely on legitimate interests as a condition to process data for Database Screening – specifically using third party providers or involving any personal data not supplied by the data subject – or for ‘profiling individuals’. Instead these activities will require explicit consent from data subjects. This is because, the ICO states, these activities are a) not ‘compatible’ with processing data collected from a donor at the point of donation and b) not within the ‘reasonable expectations’ of a donor.

Please read the conference paper. Think about how it will affect you and your work and highlight any areas you feel are not clear. The conference on 21st February is a very important event and the questions we ask (and the answers we receive) about this paper are likely to have a long-term effect on fundraising and research. If you are not going to be at the conference on Tuesday, you can pass any questions that you may have about it directly to the ICO (send them to events@ico.org.uk and ask for them to be forwarded to the relevant dept).

Below are 5 of the questions we would like to ask, now that we have read the paper:

  1. The ICO say in its paper for this conference that individuals are “highly unlikely to expect” certain types of data processing. In the ICO’s press release announcing the British Heart Foundation and RSPCA monetary penalties they are quoted as saying “millions of people who give their time and money to benefit good causes will be saddened…” to know that charities would ask them for more money.
    1. Does the ICO have evidence that shows what donors expect?
    2. There is, in fact, strong evidence to support the fact that processing of personal data for research is within the reasonable expectations of many donors; a recent study concluded that 78% of donors said that better research before they are approached by a non-profit is the most significant area of improvement in fundraising in the past 10 years. Therefore, if fair processing is adhered to and prospect research is within the reasonable expectations of donors, then can the ICO confirm that charities can rely on legitimate interests to undertake this type of activity?
    3. Sources
      1. ICO, Fundraising and regulatory compliance, 21st February 2017
      2. ICO investigation reveals how charities have been exploiting supporters, 16th December 2016
      3. Breeze & Lloyd, (2013); Why Rich People Give. London, DSC.
  2. Tesco’s Privacy Policy, which customers using its loyalty card must accept, says: “We may also use personal data from other sources, such as specialist companies that supply information, online media channels (online media channels include websites, social media sites, pay TV providers and any other channels that become available to us), our Retail Partners and public registers (for example, the electoral roll)”. They state that they do this in order to provide a better service and experience to their customers.
    1. If a charity used this same statement in its privacy policy, could charities use the public and private domain sources listed by Tesco in research so as to provide a better service and experience to donors?
    2. If not, why not?
    3. Source: Tesco Privacy and Cookie Policy
  3. The paper for the conference says: “It’s legitimate for you to process personal data in order to properly administer donations received from individuals”. The paper suggests throughout, as highlighted above, that “administering donations” is the only purpose for which a charity would use data collected at the point of donation or at the point a supporter joins a charity database. It suggests, therefore, that fundraising (including the market research necessary for raising funds) is not a compatible purpose for processing donation information.
    1. Is it?
    2. If not, why can, for example, Tesco use transaction information for more than simply administering a transaction (see their privacy policy linked above)?
    3. As charities rely on fundraising to carry out their work, is it not within their legitimate interests to use data collected from supporters for fundraising purposes, providing that fair processing and the rules of PECR, the MPS/TPS/FPS etc. are all adhered to?
  4. Here is a common story: a charity Board member meets an individual at, say, a cocktail party. The Board member comes back to the charity fundraiser with the individual’s name and says “X is interested in what we do. And he is wealthy.” The ICO says in its paper for this conference: “Far more intrusive are activities such as profiling individuals, particularly where this involves getting more information that the individual has not given you, either directly or via third-party companies. In these cases the legitimate interest condition is highly unlikely to apply. So you’d need to seek the consent of individuals before doing such processing.”
    1. The X named by our Board member is not a donor. We have no permissions or opt-ins or opt-outs. Can we look him up on Google or LinkedIn or Companies House without his permission?
  5. The Charity Commission imposes a duty to check on donors and potential donors. The Charity Commission recommends that trustees understand their donors and asks: “Have any public concerns been raised about the donors or their activities?” The Commission suggests that “full use should be made of internet websites” to check on donors. This is directly contrary to the ICO guidance which would not permit the use of public domain information until the donor has signed up to our privacy policy.
    1. Given that we want to research a potential donor before she does this, whose guidance should we follow – that of the ICO or that of the Charity Commission?
    2. Source: Charity Commission for England and Wales, Tool 6: Know Your Donor – Key Questions

These are just some of the questions we feel require clarification from the ICO and we’ll be submitting these prior to the event. We will also be attending the event on Tuesday and we’ll report back on what happened as soon as possible afterwards through this blog.

Please also keep an eye on Factary’s Twitter feed during the day as we will attempt, where possible, to Tweet any significant points or answers to any questions raised during the conference.

Mind the Gap

Posted on by Chris

Thank you for your comments in the Factary blog over the last few weeks. Even the ones we disagree with.

Really.

Because your comments – Adrian, Charlotte, Elizabeth, Finbar, Gareth, Jay, Jeremy, Jon, Julie, Luke, Nicola, Oliver, Peter, Philip, Sarah, Tim, – show the size of the gap between two camps.

In one camp are the people who work with philanthropists in charities, universities, theatres and museums. These people know that in order to manage a relationship with a customer – in this case, a philanthropist – we need to do what the banks, the supermarkets, the accountants, lawyers, architects and many others do. We need to be able to access public domain information in order to understand our customer, and we know that we have a legitimate interest in doing so. Sometimes we are required to do this research – for example by our supervisors at the Charity Commission.

Sometimes, we need to do this research before we have met the person. Which is why we have a range of controls, including legal controls and codes of conduct that set limits on this type of research.

In the other camp are the people who believe that precisely this type of research is an intrusion into an individual’s privacy. That searching for a named individual in Companies House fundamentally affects the rights of that person.

This is out of our hands now. The Fundraising Regulator and the Information Commissioner are putting together guidance that – we hope – will resolve this difference.

So we are closing, for now, this thread of conversation. We are not going to take any more comments in this area, for now. The debate needs much more hallowed halls than Factary can offer – it should be taking place in Parliament, or at the NCVO, not in our blog.

We have a job to do – to provide ethically sourced public domain information for our many non-profit clients, and we’d better get back to that.

The Future of Philanthropy, in 1 Question

Posted on by Chris

You are at a board meeting of your charity. Board member Jane mentions her friend Peter, and says he might be interested in making a donation. Peter, she says, is the owner of a large software company.

Peter, to be clear, is NOT A CURRENT DONOR. He has not opted in or opted out or opted for anything at your charity.

Back at the office you put Peter’s name into Google. It’s in your legitimate interests to do so, and Peter would expect you to do this.

Turns out that Peter’s business is based in Newcastle.

You are in London, so there is time and travel cost to consider if you are to visit him. You use Companies House to find out about Peter’s shareholding and the company’s profits. These figures help you estimate Peter’s gift capacity. Again, it’s legitimate for a charity to estimate the size of a potential donation before it decides to spend money on a visit to Newcastle.

At an invitation-only event on the 21st of February, the Information Commissioner’s staff will tell charities and the Fundraising Regulator whether or not they can do this search.

The future of philanthropy in the UK hangs on the ICO’s reply to this one question.

Can a prospect researcher do the search outlined above?

If the answer to the question is “No”, then high-value philanthropy in the UK will change dramatically.

It will no longer be possible to use public-domain information to identify or understand potential donors. Charities, universities, museums, hospitals and theatres will have to stop, immediately, all proactive forms of reaching out to new high-value supporters.

How will high-value philanthropists react? They will give less. When charities stop asking, people of wealth will stop giving, or give less and less often.This is not just an assertion – it is demonstrated by research. In “Richer Lives: why rich people give”, Theresa Lloyd and Beth Breeze report that 69% of rich donors give ‘If I am asked by someone I know and respect.’ Charities, from cancer research to the lifeboats, will have to adapt to a dramatic cut in their income.

Some philanthropists will respond by setting up their own foundations. We know from Factary’s New Trust Update that they are already doing this in some numbers. They will manage their own projects via these foundations, meaning less money for mainstream charities.

If the answer to the question is “No”, then the ICO is taking on not just the charity sector, but pretty much every business in the UK. Because every day hundreds of thousands of secretaries, assistants and marketing people do this exact search to check up on potential customers. Can that really be the ICO’s intent?

If the answer is “Yes”, then the ICO is affirming prospect research. We CAN continue to research, understand, and evaluate potential donors and, with permission, actual donors.

We will know the future of philanthropy in the UK on the 21st of February.


Chris Carnie is the author of “How Philanthropy is Changing in Europe”, published by Policy Press. He writes in a personal capacity.

Have I Mentioned…?

Posted on by Chris

Have I mentioned my new book? (It’s the vain author’s constant refrain.)

Yes, I know I have. But that was pre-publication. Now I have an actual copy in my hands, so that means that the orders have started shipping from Policy Press.

This is a book for practical people. It’s about how high-value philanthropy is evolving across Europe, so practical people in fundraising, in prospect research, in social investment, in policy making and in education will all find – I hope – useful information here.

If you are a major donor fundraiser interested in why your donors keep asking about impact, you’ll find an answer here.

If you are a private banker or wealth adviser who wants to understand why your clients keep on asking about foundations in France, you’ll find out why, here.

If you are a policy maker wondering whether to recommend further tax relief for donations, then you’ll find the arguments here.

If you are a prospect researcher, wondering where to look for potential supporters in Switzerland, you’ll find some answers here.

And if you are the director of an NGO, wondering what your strategic priorities should be, you’ll find some suggestions here.

The book includes case studies, detailed research, some how-to, and a bibliography of more than 300 sources and references in (count ’em, ladies and gentlemen) seven languages. Its focus is Europe, meaning that this is not about the UK + the Continent + Ireland – it’s about the Continent + Ireland, plus the UK.

I hope you find it useful.

 

Order “How Philanthropy is Changing in Europe” directly from Policy Press, here.

Divided Rules

Posted on by Chris

Prospect researchers are at the nexus of a storm between five government agencies. Thanks to the monetary penalties imposed by the Information Commissioner in December 2016 on two leading charities we can now see the extent of the battlefield.

In one corner is the Information Commissioner’s Office, ICO. In its press release announcing fines for the RSPCA and the British Heart Foundation, ICO condemned the use of “information from publically[sic]-available sources to investigate income, property values, lifestyle and even friendship circles.”

This appears to put the ICO in direct opposition to the Charity Commission. In a series of papers entitled ‘The Compliance Toolkit’ the Commission reminds charities that they have a duty to check on donors and potential donors. Tool 6 in the suite is called ‘Know Your Donor’, and here the Charity Commission asks;

“Have any public concerns been raised about the donors or their activities? If so, what was the nature of the concerns and how long ago were they raised? Did the police or a regulator investigate the concerns? What was the outcome?”

How would you find out whether “public concerns” have been raised, if you did not use “publically-available sources”?

You simply have to use newspapers, government sources, and a search engine if you are to find out whether public concerns have been raised. There is no other way. And of course the Charity Commission says so, recommending that “full use should be made of internet websites” to check donors.

Your duty

The Commission goes further, and reminds trustees that “…if the trustees have reasonable cause to suspect that a donation is related to terrorist financing, they are under specific legal duties under the Counter-Terrorism Act to report the matter to the police. In the case of money laundering, reports can be made to the police, a customs officer (HMRC), or an officer of the National Crime Agency.” The Commission suggests a threshold for reporting – donations of £25,000 or more.

But we are not done yet. Because if you have the slightest suspicion that the donor may be a bit iffy, the Charity Commission requires you to “…check the donor against the consolidated lists of financial sanctions targets and proscribed organisations.”

Gosh.

That means this list.

The list contains 8,885 names of individuals who are under sanctions. It includes their date and place of birth, their passport or ID number, and a biographic note such as “Manager of the branch of Syrian Scientific Studies and research Centre.”

That is personal information held in the public domain, that the Charity Commission requires us to review.

The Libya Connection

Why are four government agencies – the Police, HMRC, the National Crime Agency and the Charity Commission – interested in these checks?

In part, the story is linked to the London School of Economics, and the controversy over a gift from Libya. The result of the controversy was the Woolf Inquiry, which published its report in October 2011.

After a detailed study of the history of this gift, Lord Woolf made a series of recommendations on accepting funds from “less well known” high-value philanthropists including an inquiry into the sources of their funds (p. 69) and a thorough due diligence assessment (p. 22).

These searches are only possible with public domain information.

Catch-22

Under questioning at last year’s CASE conference, ICO spokesperson Richard Marbrow did allow that we could use public domain information for due diligence purposes. But he went on to say that this same information could not be used for assessing gift capacity because that would be an “incompatible purpose” for the use of data.

But that leaves us prospect researchers in Catch-22.

I cannot carry out full due diligence on all my prospects. To do so would be a scandalous waste of charity resources. The Charity Commission suggests that the threshold should be £25,000. So if I am to decide that Mrs A or Mr B must be checked via due diligence…I have to assess their gift capacity.

To do that, I need the help of a fifth government agency, Companies House.

Open for Business

Mr Marbrow cited Companies House various times during 2016, telling fundraisers and prospect researchers that because the information in Companies House was collected for one purpose – regulation – it could not be used for another – prospect research.

What does Companies House say? Here is their July 2014 press release*

“Companies House is to make all of its digital data available free of charge. This will make the UK the first country to establish a truly open register of business information.
As a result, it will be easier for businesses and members of the public to research and scrutinise the activities and ownership of companies and connected individuals. … This is a considerable step forward in improving corporate transparency…

It will also open up opportunities for entrepreneurs to come up with innovative ways of using the information.”

So, Companies House wants us to “research and scrutinise the activities and ownership of companies and connected individuals,” and to find “innovative ways of using the information.”

The Battle for Philanthropy

Prospect researchers are caught in the centre of a battlefield between government agencies, between “innovative ways” of using information, terrorism legislation, due diligence and privacy.

We must defend our corner of this bloody battlefield.

We need our friends in fundraising and philanthropy, in Parliament and in civil society, to support the sensible, ethical, managed use of public domain information in the search for philanthropists.

 

 

*I am grateful to a colleague at a leading University for pointing this out.

Chris Carnie is the author of “How Philanthropy is Changing in Europe”, published by Policy Press. He writes in a personal capacity.