FAQs – Mind's work with About Loyalty
On this page, you'll find information about Mind's work with About Loyalty. For more information or if you'd like support, email our data protection officer, Gemma Smith, at [email protected]
What is Mind’s relationship with Kokoro and About Loyalty?
For the past 3 years, Mind has worked with About Loyalty on our annual supporter survey. This survey helps us to:
- Understand our supporters better
- Tailor what we offer you
- Understand how to communicate to best suit your interests and needs
About Loyalty is an organisation that specialises in this kind of survey and research, so it helps Mind to better understand what supporters are telling us. And how to use those findings to improve our work, boost our relationship with existing supporters and reach more people who might want to support our cause.
About Loyalty also works with a research partner called Kokoro, a company that specialises in making the most out of data insights and turning them into innovative solutions.
That sounds like a lot of steps and people involved with Mind’s supporters’ data. Did Mind know that About Loyalty were working with Kokoro?
Yes, Mind agreed to work with About Loyalty with an understanding that they work with Kokoro for further insights.
We always carry out thorough due diligence checks and make sure we get the right assurances before working with third parties, especially when it involves our supporters’ data.
Mind took the decision that About Loyalty could help us to improve our work with supporters, which included the valuable support we could get from Kokoro.
What happened with Kokoro and About Loyalty?
About Loyalty has let us know about a data security incident. This happened in August and involved their research partner, Kokoro.
Following the incident, the investigation that Kokoro carried out found that some charity supporters’ data had been accessed by an “unauthorised third party” – people who shouldn’t have been able to access it.
The investigation wrapped up in mid-September and we've been waiting for more information from Kokoro to help us understand if Mind’s supporters are affected – and if so, how. Now that we have this information, we're contacting supporters affected to let them know.
Any supporter data accessed is extremely limited. It doesn't include any of our supporters’ banking, financial or medical information.
How is this affecting Mind’s supporters?
The data accessed included:
- Email address
- A category based on how you support Mind
In a separate file, there was some information about donations received by Mind. A third file contained responses to the survey.
We know for sure the information didn’t include any of your financial information.
We’ve been assured that the incident is now resolved and there’s no evidence your data has been shared or copied, and it won’t be shared or copied in the future. We will continue to monitor this.
So, there’s nothing you need to do now. We wanted to let you know about this anyway, because it’s important that we're open with you.
How is this affecting other charities’ supporters?
At the moment, it’s known that some of About Loyalty’s charity partners may have been affected by the cybersecurity incident. Some charities have decided to contact their supporters as a precautionary measure.
Why didn’t Mind contact us before? What steps has Mind taken?
Openness and honesty with our supporters are of the utmost importance to Mind.
We were notified of the incident on September 1 and waited for the outcome of Kokoro’s investigation before contacting supporters. We wanted to be sure what data had been affected and how, so as not to cause undue worry to supporters.
We have reported the matter to the Information Commissioner’s Officer and are in regular dialogue with About Loyalty about any updates on the situation.
Kokoro have confirmed that an estimated 89,065 records related to Mind supporters have been affected. We have received assurances that the data has not been further duplicated or shared and does not cause a high risk to supporters.
Has Mind reported the incident to the Information Commissioner’s Office?
Yes, we reported this to the Information Commissioner's Office in the first week of September, because of the potential impact on supporters if they were affected.
When will Mind know what the Information Commissioner’s Office are doing?
We will provide an update on this when we can.
Does this affect local Minds?
No. This would only affect people who received the supporter survey from national Mind.
How can I check if I have been affected? When will I know if my data has been affected?
We have written to the people personally affected by this incident.
What does this mean for Mind’s relationship with Kokoro and About Loyalty moving forward?
Once we have reached a conclusion with this matter, we will review our ongoing relationship with About Loyalty and Kokoro.
How can I protect myself from my data being wrongly shared?
There are no specific steps you need to take as a result of this incident. We would always advise caution when it comes to your data.
It's worth being vigilant about any person or organisation that:
- Contacts you out of the blue, particularly regarding data or information you haven’t shared publicly
- Asks you to do something unusual like download an attachment
Where can I get more information?
If you want to speak to someone for more information, or if you'd like to get support with this issue, email our data protection officer, Gemma Smith, at [email protected]