My church is far from the biggest one in town (yet, anyway). Even so, we’re big enough that it’s become necessary to use several tools to keep track of our members, plan our services, and manage our ministries. As a result, we recently published an information policy that explains what information we’re collecting from people and how we’re using it.
Here’s how it begins:
Thanks to social media, email subscriptions, e-commerce, and so on, more and more of our personal information is floating around out there — which can be unsettling. It’s difficult to know who knows what, how much they know, and what they’re doing with that information. Which is why we want to let you know what types of information we’re gathering about Redeemer’s people, and what we’re using it for.
And here’s how it ends:
Our goal is to find a balance between respecting people’s online privacy while also using information about Redeemer’s congregation to better serve it.
You can read the entire policy here. As you can see, it’s neither complicated nor lengthy. It simply lists the tools that we use, how and why we use them, and how people can “opt out” of such tools. (And to make sure that people know it exists, we link to it in church emails and mention it in the Sunday morning bulletin.)
Why does your church need an information policy?
I’d argue that in this day and age, it’s makes more sense than ever for churches, regardless of their size, to have some sort of information policy. There are, of course, good legal reasons for doing so in light of policies like GDPR and growing consumer awareness of online privacy and security (all good things). But there are even more important reasons: honesty and transparency.
Or, if I can be even more blunt without sounding melodramatic, your church should have an information policy in place to make its members feel safe within the church itself.
That may seem like an odd thing to say considering my own church involvement. I believe that the Church, as God intends it, is a good and beautiful thing, a living body that glorifies Him even as it helps, supports, educates, disciplines, and nourishes its members and serves the larger community. But the sad reality is that the Church is composed of fallen and sinful people, and the story of Church leaders misusing their authority to harass, hurt, and exploit others is one that’s become all too familiar.
Furthermore, we live in an era where our online privacy is consistently compromised by corporations (e.g., Facebook). Privacy violations may not be as monstrous as sexual and spiritual abuse, but privacy’s a right that should be vociferously defended nevertheless.
The Church’s God is a God of Truth. It follows that individual churches should strive to be as open and honest with members as possible in order to avoid even the appearance of abuse or misuse, of either their members or their members’ information. Just as you perform background checks on anyone who works with your church’s children, or report your church’s financial situation to the congregation, you should be upfront about what you really know about your church’s members, and how you’re collecting and using that information. (And if you’re not doing background checks, then STOP reading this and sign up for background checks RIGHT NOW.)
8 Steps for Preparing a Church Information Policy
As I mentioned before, a church information policy doesn’t have to be super-complicated. Here are some steps to get you started:
- Perform an audit of the tools you’re using. These include your website’s content management system, contact and event registration forms, mailing lists, Facebook groups, and church management software. Are there any tools you’re not using? Close and delete those accounts and consolidate existing tools as much as possible. (This may have the added benefit of saving you some money in monthly subscriptions.)
- Look through the remaining tools to see what you’ve already collected. For example, if you’re using a tool like Planning Center or Breeze to manage and keep track of your church’s members, know what you’re collecting about them. Are you collecting just contact information, or are you also storing information about members’ families, jobs, etc.?
- Delete what you really don’t need or use. Perhaps you’ve been collecting information about your church’s children (e.g., birthdays, grade and school information) because you thought it’ll be useful for your children’s ministry. But if you’re not really using that information, delete it. Only collect and store information that you actually use on a regular basis for church business. Deleting information you don’t need reduces your risk exposure.
- Allow people to “opt out” of and remove themselves from your services. If you send out church newsletters via email, make sure that people can unsubscribe at any time. Give people control over what they receive. (And if they miss the next great church event because they unsubscribed? Well, they can always re-subscribe.)
- Consider the sort of information that you’re posting online via your website and/or social media profiles, and if you can or should be posting it. Are you posting photos of your church’s cute kids? Are you sharing members’ phone numbers and/or email addresses because they lead your small groups or are contacts for church events? Do you have permission to post that stuff, or do you assume it’s OK because it’s for church business? (Hint: Never assume anything’s OK. Always ask for permission.)
- Make sure your church’s leadership signs off on any policy. That way, in the unlikely case that an issue moves up the chain of command, everyone’s on the same page.
- Listen to your congregation’s feedback. It’s possible that some people might be offended after learning that you’ve posted photos of their kids on the church website. Listen to their concerns, apologize as necessary, remove the photos, and do better next time. But in my experience, most people will appreciate that you’re taking these steps to be more open and accountable. Chances are, they’ve never thought about their online privacy in the context of their church and they’ll be glad you are.
- Realize that this might make life a little more difficult and require some clever workarounds. For example, if you were posting people’s contact information on your website to serve as contacts for church events and ministries, and people don’t like that, you might need to create a generic “events” email address that gets forwarded to the proper individuals.
Obvious disclaimer: I’m not a lawyer, so none of the above items should be considered legal advice that’ll stand up in court. But I do believe they’re good practices that’ll get you started down a path towards greater openness and accountability — things that your church’s members will almost certainly appreciate. The more we can encourage openness, honesty, and transparency in our churches, the stronger, safer, and more welcoming they can become.