Anyone have some good resources on data collection and privacy as it relates to churches? I’m looking beyond website data collection and child privacy. What are the ethical and legal considerations with attendance, finance and all the other data collected?
Of course this is a big topic, but a few starting points:
- Only store data that you actually have a good reason to store.
- Get rid of data once it’s no longer useful. (That family that attended twice 10 years ago? Delete their data.)
- Everyone with access to that data should sign some sort of non-disclosure agreement, and be trained on privacy.
- Keep that data secure! This goes beyond just your database. What about things like backups or information that gets printed for whatever reason? Are they encrypted? Shredded? Locked up? Who has access to them?
- If you use any kind of third party to process your data (such as a ChMS, MailChimp, etc) be sure they are contractually obligated to uphold similar standards for privacy and security. (Their terms of service should spell this out and counts as a contract. You might even be able to enter into a Data Process Addendum to hold them to the high standards of EU’s GDPR).
Church Law and Tax is a great resource. Covers privacy too: