19 September 2019 - Podcast
A Memorandum of Understanding (the 'MOU') between the Charity Commission (the 'Commission') and the Information Commissioner (the 'ICO') was published on 19 June 2017. The MOU provides a framework for closer working between the Commission and the ICO so that 'charities may continue to enjoy public support and confidence whilst acting in compliance with [relevant data protection legislation]'. The MOU sets out the functions and power of each organisation, as well as its intentions, which are to:
- promote a common understanding of each organisation's responsibilities, working procedures, legal powers and constraints;
- promote co-operation between the Commission and the ICO's staff at a strategic and operational level;
- facilitate effective investigation and the exchange of information with the objective of preventing and enforcing against practices that breach the relevant legislation; and
- ensure appropriate consultation on matters of mutual interest to ensure that charities may be encouraged to fully comply with their legal obligations and adopt best practice in governance and accountability.
The MOU states that the two organisations will, subject to legal restrictions (statutory or otherwise) and at their discretion, discuss issues of regulatory concern to each organisation and will communicate regularly (at least on an annual basis) to discuss matters of mutual interest or concern. The MOU further provides that the two organisations will consult each other at an early stage on any regulatory issues that might have significant implications for the other organisation and will share (for comment) at an early stage draft documents, such as consultation papers, that may impact on the other's objectives and functions.
The MOU also provides that the Commission will coordinate with the ICO if it receives a complaint or any intelligence that relate to the Data Protection Act 1998 or the Privacy and Electronic Communications (EC Directive) Regulations 2003 and will, if deemed appropriate, refer the matter to the ICO.
We recommend that trustees consider the Commission's Serious Incident Reporting guidance in light of any regulatory communication from the ICO.