Data protection for charities is an important topic. Charities collect the personal information of their donors, including names, addresses, credit card details and bank account numbers. They use this information to manage members, coordinate fundraising and process payments.

The mismanagement of data and personal information may not only be unlawful, but may reduce the charity’s reputation, and as a consequence, the support they receive from the public or private sector. This article will explain data protection for charities and how a charity can meet its obligations to safeguard the personal information of donors.

Establishing Data Protection Procedures

Charities need to establish good practices around how they collect, store and use personal information. First, the charity should ensure that they have data protection procedures in place to protect personal information. For example, by storing donor information in encrypted databases and keeping antivirus software up to date.

Secondly, the charity should write an organisation-wide privacy policy that outlines how the charity:

  • collects personal information;
  • secures personal information;
  • discloses personal information; and
  • allows donors to view, amend and remove their personal information.

Complying with Direct Marketing Obligations

As many charities raise money through direct marketing, they should consider any obligations imposed by their fundraising authority. Fundraising authorities differ from each state and territory so the charity should first look at any direct agreements they have with their relevant government regulator (for example, the Queensland Office of Fair Trading).

There are, however, general best practices that a charity can implement, including:

  • making people aware that the charity may use their personal information to undertake direct marketing; or
  • letting people request the removal of their personal information from direct marketing communications.

Sharing Donor Information

Occasionally charities can benefit from sharing their donor information. For example, by swapping information with another charity to expand their audience. However, there is a risk that the other charity will use the information inappropriately, or that people will not want their information shared.

Therefore, a charity should be careful to ensure it follows similar processes discussed above. For example, the charity should make donors aware of:

  • the potential for their information to be shared with other organisations;
  • the specific organisations that their information will be given to;
  • what type of information will be shared; and
  • the purpose for which their information will be shared.

More stringent obligations apply if the charity is sharing personal information with an overseas organisation.

Meeting Legal Obligations

Charities are also subject to legal obligations relating to relating to data protection and privacy. The three big ones are:

Legal Obligation Explanation
Fundraising licence If a charity undertakes fundraising activities, some states and territories will require the charity to obtain a licence. These licences may impose specific obligations about how the charity uses information obtained from fundraising.
Australian Charity and Not-For-Profit Commission (ACNC) The ACNC requires charities to comply with their governance standards. These include a general obligation to act honestly and fairly and within the interests of the charitable purposes. This obligation can extend to the charity’s collection, storage and use of personal or sensitive information and data.
Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles The charity will need to comply with the Privacy Act and Australian Privacy Principles if the charity sells or purchases personal information, provides health services or has an annual turnover of more than $3 million. If so, they will have additional obligations for and have processes in place to ensure personal information and data is protected.

Key Takeaways

Charities routinely collect and handle the personal information of their donors. Some of this information is highly sensitive, such as credit card and bank account details. To protect this information, charities need robust data protection and privacy policies.

If you require further advice on data protection for charities, you can check out how to manage people’s data on the ACNC website.

COVID-19 Business Survey
LegalVision is conducting a survey on the impact of COVID-19 for businesses across Australia. The survey takes 2 minutes to complete and all responses are anonymous. We would appreciate your input. Take the survey now.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. For just $199 per month, membership unlocks unlimited lawyer consultations, faster turnaround times, free legal templates and members-only discounts.

Learn more about LVConnect

Kristine Biason
Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2019 NewLaw Firm of the Year - Australian Law Awards 2019 NewLaw Firm of the Year - Australian Law Awards
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer
Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy