Have you heard about the Cambridge Analytica controversy, better known by mass media as the Facebook data leaks? If you look into the details of this, data was not leaked, but it most definitely was mishandled and privacy lost. I want to take a look at this controversy of protecting user data with the lens of the Church and come up with some best practices that churches need to implement today if they want to avoid catastrophe.
Note: this is in no way comprehensive, but at almost a thousand word article, I had to stop at some point. Add to the conversation in the comments what I missed.
Educate Your Congregation How You Use Their Data
Maybe the biggest discovery within all of this Facebook drama is that what Facebook was doing with your data actually was never a secret. In fact, you and everyone agreed to it. When you add that third party to your Facebook page, giving the company access to post to your wall, invite your friends to play your game, and share your Snaps or automated posts, you most likely are giving them access to everything.
People need to review their Facebook settings, and many have been startled to discover the sheer volume of third-party apps that have access to aspects of their account and personal information. Others had no clue the extent to which Facebook has built portraits of their interests, likes, and other details pulled from their history of interacting with the social network.
The Verge
Now, you probably already knew how Facebook handles your data because you realize you’re the expert for your church on this topic and have to keep up with everything social media, but the layperson certainly does not. The media’s portrayal of evil companies doing this too highlights this fact. You gave them access. It was clearly written what they had access to when you clicked agree. You just didn’t ask them what they would do with that information.
Of course, Cambridge Analytica can’t go out as a white knight here. It appears they broke Facebook policy in how they used that data because they didn’t use it how they originally intended and expressed.
Application:
Churches, are you doing this? You collected data on new visitors, new members, each tithe, each activity attended. If you use this information for any reason other than originally collected, you’ve actually broken a privacy contract, even if it wasn’t formally expressed.
Example: A youth whose family has never attended your church writes down his family’s information. A teenager sharing that info in and of itself is ethically and morally grey, if not wrong. Then you use that info, comparing all youth data to your overall ministry information, and then send an Easter flyer out to the family in hopes of inviting them. Harmless, but is it okay? I’d like to contend it’s not.
I’d encourage you to actually educate your congregation on how you use the data. Not a boring one-week, Wednesday night group that no one is going to attend. Give it 3-5 minutes once a semester. People feel bored by it? That’s how we got into this Cambridge Analytica situation in the first place. Do your due-diligence.
Have A Privacy Policy For Your Church
It amazes me how much pushback I get to the question: does your church have a privacy policy for the data you collect? I hear many excuses. We don’t have anything personal. We are fine, it’s secure. It’s not really that big of a deal.
You have their bank routing and account numbers!
You do background checks that include social security numbers!
You take photos and personal data of children!
Not having a policy and mishandling that information can easily lose you a lawsuit that brings down your ministry. Further, someone is going to be hurt by this and they may be friends or family. Create a privacy policy, implement it, educate all staff and volunteers, and have checks and balances in place if something goes wrong.
Need help writing a privacy policy?
There are two options. The first is to find another church that is doing this well, ASK THEM if you can use it (at least be respectful and ask), and then implement it for your entire church. Make sure what is online is full scope, including the data you gather IRL.
Want a good example? Check out Dream City Church’s privacy policy that is detailed in scope without being overly wordy and having too much legal jargon.
Another example that is fuller in its distribution is FreePrivacyPolicy.com which allows you to pick and choose what needs to go into a complete privacy policy. It isn’t church focused but is definitely comprehensive.
Conclusion
Ultimately, you need to look at the holes in privacy for your church. Do not copy/paste and think everything will be okay. Do not mimic someone else from another state, with other ministries than you, and a completely different community culture. And if need be, spend a little money with legal representation to make sure what you have is ironclad so that you are protecting the staff of your church and the congregation you are serving.
Blessing Mpofu says
So helpful. Often churches don’t realise how exposed they are or can be in this area. Making sure that data is secure is also a critical part of the equation. Where and how the data is stored, accessed and shared a critical part of the puzzle.
Thanks for helping us think through this Jeremy.
Jeremy Smith says
You’re welcome.