With the current environment where governments and individuals are seriously concerned about personal privacy, the local church is in an unusual position. True fellowship implies that the people know each other well. A considerable amount of this personal knowledge gets lodged in the church corporately. Consider that much of the content of the weekly prayer bulletin would horrify people if it showed up on Google. Yet if a church posted the bulletin on their website (for the benefit of the members, of course), something like this will probably happen.
Because of the heightened sensitivity to privacy issues, many states, as well as the federal government, are rapidly developing laws and regulations to deal with privacy. The European Union has also published a set of privacy rules for public-facing organizations, with harsh penalties for violations. These regulations as a group do not have terms for private, non-profit organizations such as churches. In addition to legal trouble, local churches open themselves up to public shame for failing to protect the privacy of their members.
Fortunately, most local churches are not complex organizations. Fixing potential problems can be easy.
Follow the principles of Opt-In.
Information about church members and attenders should never be published or announced without the express permission of the individual. While publicly available information is probably acceptable (e.g., “Please pray for Mrs. Smith who was in a car accident last night”), other information such as, “Mrs. Smith will be undergoing surgery for a ruptured spleen as a result of last night’s car accident” violates medical privacy laws without that permission.
Consider anything published on the church website available to the public.
Unless the church is publishing a blog post about a summer missions team, avoid mentioning specific members. And even in such cases, it’s a good idea to get a signed release from the church members involved.
Don’t store information about church members on the website.
Even when these records are placed behind a security wall, hackers are always one step ahead of computer security professionals.
If it becomes necessary to make member records (such as giving records) available on a website, consider using third-party church software—especially if the church offers online giving using credit cards. Scrutinize the contract with the software vendor to make sure it assumes at least some of the liability for a website breach.
Establish privacy policies.
The governing board of the church should develop a set of privacy policies for church employees and volunteers. These policies need to be enforced. If someone on the staff lacks organizational skills and everyone knows it, assign another employee or a volunteer to help get the records in order.
Keep in mind the Biblical guidelines for the treatment of others.
“And the second [commandment] is like unto it, Thou shalt love thy neighbour as thyself” (Matt. 22:39).
“Let nothing be done through strife or vainglory; but in lowliness of mind let each esteem other better than themselves” (Phil. 2:3).
This is not just about rendering unto Caesar, but these verses reflect the mind of God. We must make our best efforts to avoid harming others.
The government does not always get things right. Balancing competing interests is difficult. In the case of privacy, the legislatures and regulators are addressing a legitimate concern. And our stewardship and care for fellow members of the local church demand we pay attention to their privacy.