Privacy and Faith-Based Institutions: Does Your Church Need a Privacy Policy?While most state privacy laws exempt non-profit organizations, it is a best practice for churches and faith-based organizations to have a privacy policy informing members about how their personal information is handled. It is especially important to note that faith-based non-profit organizations are not exempt from compliance with the General Data Protection Regulation (GDPR) — adopted by the European Union in 2018 to protect the data and privacy of EU citizens. So if your church processes any data of  EU citizens, it must comply with the GDPR.

The relationship between church leadership and its members is grounded in trust. Members trust church leaders with some of the most sacred and private details of their lives. They also trust church leadership to be good stewards of the church’s resources; one of these resources is personal data.

Churches collect and maintain information that may be classified as personally identifiable information from members and visitors such as membership records (names, phone numbers, addresses, email addresses, household member information), counseling appointments and notes, and financial information. Not unlike any other business, churches now use technology for:

  • Online and mobile giving
  • Email newsletter signup
  • Email “Contact Us” options
  • Purchases from online bookstores and resource centers
  • Event registration

But it’s not just about technology. The data collected on traditional giving envelopes and visitor cards also includes personal information that is often transferred to the church’s database.

Careful management of data collected by churches is important to avoid inappropriate disclosures and potential lawsuits. A privacy policy is a promise from churches informing members about how their personal information is collected, used, and stored.  Along with all of the other ways members trust their church leaders, a privacy policy can reinforce trust that the church is being a good steward of its data resources. The members can rest assured that their personal information will be handled with privacy, security, confidentiality, and accountability.

This article covers only the importance of providing a privacy policy to church members. It does not cover the various means of protecting personal information communicated through the privacy policy. Privacy policies should be carefully drafted because regulators and courts often treat them as enforceable promises.

Print:
EmailTweetLikeLinkedIn
Photo of Alicia N. Netterville Alicia N. Netterville

Alicia Netterville joined the firm as a part of the litigation and privacy groups after completing a clerkship with the Honorable Carlton W. Reeves of the U.S. District Court, Southern District of Mississippi. She has deep experience defending clients in lawsuits prosecuted by…

Alicia Netterville joined the firm as a part of the litigation and privacy groups after completing a clerkship with the Honorable Carlton W. Reeves of the U.S. District Court, Southern District of Mississippi. She has deep experience defending clients in lawsuits prosecuted by the attorney general of Mississippi under the Mississippi Consumer Protection Act.