Formal Letter BCM CEO UK

Birmingham City Mission

The Clock Tower

2 Langdon St

B9 4BP

weserpen@birminghamcitymission.co.uk

3/3/2025

Wes Erpen

CEO, Birmingham City Mission

Dear Wes,

I hope you’re doing well. I wanted to reach out about something important, not just from an IT perspective, but as a friend who cares about making things smoother and more secure for Birmingham City Mission.

I completely understand that managing a charity comes with a huge number of responsibilities, and I know that IT policies can sometimes feel like another layer of complexity. That said, I wanted to highlight some risks around the use of personal email accounts for charity-related work and offer some practical solutions to keep BCM protected.

Why This Matters

The charity sector is increasingly being targeted by cyber threats, and without proper controls, there’s a real risk of data breaches, financial fraud, or even compliance issues with UK GDPR and Charity Commission regulations. Personal email accounts, while convenient, make it much harder to ensure data security, manage subject access requests, and maintain a proper audit trail for governance purposes.

If a personal email account were ever compromised, sensitive information—whether it’s donor details, financial data, or safeguarding communications—could be at risk. Worse still, any breach could lead to significant fines (up to £17.5 million or 4% of annual turnover) or reputational damage that could impact the charity’s ability to continue its work.

A Practical and Simple Solution

To prevent these risks, many charities now implement a formal Email & IT Policy to:

Ensure all official communications are conducted through secure, charity-controlled email accounts

Protect against cyber threats like phishing and ransomware by enforcing Multi-Factor Authentication (MFA)

Maintain proper governance and compliance, making audits and reporting much easier

Provide clear guidelines for staff and volunteers on data protection and email use

I know this might feel like a big shift, but in reality, it’s quite a simple process to roll out. We can introduce clear guidelines without making things complicated for the team.

Next Steps – How I Can Help

I’d love to help draft a practical, no-fuss policy that ensures BCM stays compliant while keeping things easy for staff and volunteers. If it makes sense, we could start with an internal review to see where the biggest risks are and work from there.

Let me know if you’d like to have a quick chat about this—I’m more than happy to support in any way I can.

Looking forward to catching up soon.

Yours sincerely,

James

#Work/clients/bcm/IT/00-policis-and-protocols