In part one of this series of privacy policy and it’s relation to the church, I explored a scenario that can very easily happen in the theo-political climate of today.

In part two of this series of privacy policy and it’s relation to the church, I explained a brief history of why we had to develop privacy policy.

In part 2, I posted a very good definition of privacy policy that is listed in Wikipedia that is defined as:

“A legal document that disclose how a party retains, processes, discloses, and purges customer’s data… Privacy policies usually contain details of what personal information is collected, how the personal information may be used, the persons to whom the personal information may be disclosed, the security measures taken to protect the personal information,…”

If you look at the definition, you will notice four things a good privacy policy has:

What type of personal data is collected and how it is collected? The first thing one would think is the “accepted normal” information that is usually found in a church directory such as name, address, and phone number. Now in some modern churches, it is becoming the norm to request and publish cell phone numbers and e-mail addresses in addition to the “Accepted normal” information we have been used to for years.

I now have another thought. What about the personal contact information for visitors when a visitor fills out a visitor’s card and places it into the offering plate? Most visitor cards ask for the “Accepted normal” information along with demographics such as married, divorce, widowed, or single and a check box if a letter / church packet or a visit from the visitation committee is appropriate.

What if the visitor decides to continue coming to your church and eventually decides to join the church and goes about the process of attending the new membership classes and re-stating their personal data. Some churches are now asking about career occupation, workplace phone numbers / e-mails, etc. in the name of statistical analysis to see what different types of people attend their church.

There should be a written policy in place that dictates what is gathered with the right for a person to not disclose such information.

How is the personal information used? This issue should also be addressed from a perspective of privacy policy. From a visit by members of the visitation committee, demographic analysis, to listing in a church directory specifically to be used ‘in good faith’ by other members only to be able to contact other members for church functions only, to contact in reference of official church business (staff changes, building fund, etc.) procedures controlling the use of this information to prohibit gung-ho pragmatists from selling the information to other Christian ministries should dictate these policies and consequences for staff and also church members that wrongfully misuse personal information. Also, procedures and controls for modification or deletion of personal contact information (a family moves across town, a couple leaves the church, or an elderly person dies) should be in place to not allow negligent altering of data.

Persons to whom the personal information is disclosed? This issue should also be addressed from a perspective of privacy policy in reference to controlling who has access to such information. Controls should be implemented that covered anyone from visitation teams, church directories, pastoral staff, committee members and also congregation members that procure a church directory. Congregation members should on their end promise not to give/sell copies of church directories to any ministry nor to their friends and relatives who decide to start a local business and needs to quickly establish a customer clientele.

Security measures taken to protect personal data? This issue should also be addressed from a perspective of privacy policy in reference to determining information safeguarding procedures and assigning the appropriate staff members responsible for information safeguarding and access. Some basic measures can include not selling personal information, purging personal information of people who have left the church, safeguarding personal information of those who wish for it not to be given out under any circumstance nor published in a church directory, and password-protecting (maybe encryption) database files as well as backing up and safeguarding the backup files. This should also apply to the archiving of data files containing personal contact information in the name of backup that would be used to restore a computer to full functionality if a hard drive had to be replaced.

In other words:

A church should in good faith, respect and protect your right to privacy while keeping your personal information safe and protected. This includes large churches who purchase outside solutions that provide online database services to do online church directories, provide discussion forums in the name of ‘community’, and extracurricular activity sign-up pages. This also includes church discipline to staff members or congregation members found to have violated the privacy policy

A church should in good faith, never sell nor freely share your personal information to anyone outside of the church, for any purpose. Period. However, if the church is so pragmatic and desperate that they feel that they have to do this in order to ‘save America’:

(A): A church should be able to ensure its members that the outside ministries they give/sell your personal information to also has privacy policies prohibiting them for re-selling your personal information and also have implemented appropriate information safeguards and privacy policies in place to prevent outside hackers and/or internal employees who are not supposed to have access from gaining that information.

(B): A policy should be in place to give you, the church member the right at any time to “opt-out” of allowing a church to release your personal information to anyone outside the church / denomination headquarters or to be included as part of Christianized “niche-market demographic” analysis.

A church should in good faith fully disclose their privacy policy in plain language (as part of the church bylaws and also to prospective new members in new member classes), make their privacy policy easily accessible to you, and make sure you are aware that a privacy policy does exist.

A church should in good faith should notify you in advance of potential revisions to the privacy policy and fully disclose the proposed changes before the congregation / elders vote to (or not to) implement the changes in the privacy policy.

Not only do privacy policies need to be implemented by churches on the electronic / computer end, but they need to be revisited by churches who still use exclusively or rely on as a last resort in case the electronic copies are lost, hard copies of private information in reference to maintenance, access, archiving, and disposal of hard copy information.

How can a church begin to implement a privacy policy? It is wise to always consult with an attorney who is familiar with privacy laws or consult a privacy policy consultant who can help you implement an adequate privacy policy. From a technical standpoint in reference to protecting a church’s network and computers from internal unauthorized access, viruses/spywares, or an outside hacker attack, many computer repair service centers that handled the sales, service, and networking of the church’s computers, servers, and printers can consult with you providing tips on how to password-protect, safeguard, archive, and delete/dispose data.

I can easily foresee in the near future, church insurance companies that will include privacy policy and electronic information safeguarding as issues of compliance that would have to be addressed in reference to liability and maintaining coverage of insurance. They will probably be addressed in the same realms and with the same seriousness similar to people who get hurt on church property, overnight burglaries / vandalism that could have been prevented with alarms, better outside lighting, and better locks, actions of a church employee who engaged in willful misconduct of moral turpitude (sex scandals) because the church did not do background checks, or negligent deaths because a fire broke out and ushers were not trained to evacuate people inside the building or because exit signs or fire alarms were not operational.

I would like to see church security companies/ministries begin to incorporate privacy policy / information safeguarding consultation services as part of their overall portfolio of services and training offered. I feel that this will be a very beneficial value-added service that should help a church become more secure in ways never imagined.

In summary, the need for privacy policy and information safeguarding in the church is an issue we can no longer deny. It is now needed.

From churches ‘desperate’ for moral change to the outraged Christian mom made hysterical by a ‘family news alert’ on Christian radio, people are using the pragmatic philosophy of “by all means necessary” (with no respect or regard to the rights and feelings of others) to sell/give out personal and private information of their fellow church members “in God’s name” to Christian organizations to “alert” others to the pressing needs of their own agendas. To these people, it seems that a sense of “possessed psychopathy” has taken over their entire being to the point of believing that promoting “the cause’ as they please by any way possible without the feeling of shame, conscience, remorse, or even guilt, supersedes the rights of others who prefer not to be bothered about that person’s personal crusades.

Without understanding responsibility and consequences for their actions, these people who treat your private and personal information with scorn and lack of tact fail to see themselves as the problem. Instead, they view themselves as the opportunists, the solution, and the instruments of God in their self-conceived holy war against ‘dem lib-brulls’ (aka anyone who disagrees with them). The private contact information was purchased, used, and sold again by the “disciples of desperation” and ‘culture warriors’ to attempt to recruit you in the agenda army to fight or fund the hallelujah holy war brought forth by the Christian Reconstructionists and “Jehovah Jihad”, of course ‘in God’s name for (fill in name of religious-right leader here)’s glory’.

As we used to trust our kids in church with “anyone” and as we used to know via common sense that coffee was indeed hot, we have now reached the point that maybe we can not be assured that our private and personal information is either properly safeguarded or confidentially protected by people we feel would adequately not disclose our information.

And just like the church childcare worker that passed background checks along with the sign telling people coffee is indeed hot, we now need procedures in place to make us aware that the private and personal contact information we gave in good faith to a church is not only private, but also valued and protected…

…in the same manner we need to value and protect our fellow brother and sister in Christ.

Related Posts

1. Privacy, An Issue of Church Security, Part 2
2. Privacy, An Issue of Church Security, Part 1
3. The Church And Private Information
4. Purpose-Driven Church Splits, Part 2
5. WHI on The Emerging Church, Part 1