What You Need to Know about Church Data Privacy

The concern over data privacy can’t be ignored, even by churches—and while it may seem complicated, there are resources available to help the faith and church industry “level up” up on the subject. In fact, when you understand data privacy as a pastor or church leader, you can help instill a new level of trust, and reinforce the meaningful relationships you’ve built with the people and communities you serve. 

People simply want to know their information is protected, whether it’s notes on their membership record, counseling appointments, financial data, etc. They need to know you care about keeping it secure, and you’re taking steps to protect their privacy. 

This blog will point you toward some of the resources we’ve gathered so you can learn:

  • What data privacy is

  • How to protect the information your members have entrusted you with

  • What you can do to help protect your church’s data as a whole

  • How to write, or update your privacy policy

  • Etc.

Data—One of a Church’s most Valuable Assets

It’s important to understand the many types of data you may collect as a church. Ministry Business Services states, “Data is one of the most valuable assets a church has. Protecting it isn’t difficult, but must be approached as deliberately and strategically as fire and security protection.” 

Their article, Protecting Your Data—Is It Really Worth the Hassle? includes comprehensive lists intended to help you understand:

  • Data categories

  • Data threats

  • Prioritizing data protection

  • Layers of protection

A Responsibility to Protect Data 

Ministry Impact explains that as a pastor or church leader, you have a responsibility to protect the information members share with you, which may include their names, addresses, ages, notes, family affiliations, etc. 

Although people are increasingly sensitive about how their data is collected and used, there are some simple steps you can take to help protect it. Their blog, Keeping Your Church Members’ Data Secure, even provides a list of actions you can take to ensure better data security for your members, and your church.

In the blog, they state, “As a church leader, you know that we have nothing to fear with God as our provider and protector. However, we also know that he’s entrusted to you a great responsibility to care for his people. And a big part of that care is to do all you can to protect them . . . .” 


Collecting and Protecting Church Information

The Church of Jesus Christ of Latter-day Saints provides a resource to its members entitled, Keeping Church Information Safe, in which they state, “You are a steward of sensitive information. It is important that you share this information only with those who need it to fulfill their callings and assignments.” 

They explain how to keep membership, personal, and financial information confidential, as well as how to:

  • Protect sensitive information with passwords

  • How to safely store data

  • How to protect information on mobile devices

  • Be smart online

The Difference Between Data Privacy and Protection

As you work to protect the information your congregants share with you, it’s important to educate yourself around data privacy laws and regulations. Data Privacy Vs. Data Protection, published by Ipswitch, states that, “data protection is about securing data against unauthorized access. Data privacy is about authorized access — who has it and who defines it.” 

In the blog, they explain how data privacy and protection are interconnected, but that one doesn’t ensure the other.

GDPR and Your Church

One of the biggest changes in privacy and security came about with the introduction of GDPR. Originally intended for anyone living in, or doing work in the E.U., many organizations in the U.S. have also complied. Fishhook explains how these regulations could affect your church in their blog post, What the GDPR Update Means for Your Church.

The author explains specific updates and what to do to make sure you’re in compliance. They also provide a GDPR Privacy Policy Update template. 


10 Top Tips to GDPR Compliance

Digital Church has set out to help churches everywhere understand GDPR and how it could affect their ministry in their blot post, Is Your Church Ready for GDPR?

In their blog, they explain what GDPR is, who it affects, and what you can do to make sure you’re in compliance with these new regulations. They state, “If you process any data in the E.U. (even attendance data), GDPR needs to be on your radar.” 

This blog provides 10 top tips to help you get on board!

Physical and Computer Security

Data and security breaches are becoming more common, even in the church space, which is why American Church Group recommends being proactive in your physical and computer security. 

In an article titled How Well Does Your Ministry Secure Personal Data?, they state, “By carefully managing your members’ personal information, you are not only exercising good business practices, but you also are protecting your church or ministry from crippling data losses, embarrassing public disclosures, and potential lawsuits.”

The article includes two bullet lists—one for improving physical security and the other for computer security. It’s a quick read with some suggestions worth following up on!

Privacy Policies & Data Protection

Hillsong’s privacy policy is a great example of how to communicate with your church members about the information you collect, store, and how you may use it. It even breaks down the types of information collected, defines some data terminology, and explains how it complies with specific laws and regulations.

They also provide step-by-step directions for those who want to withdraw consent for use of their information.

Church Privacy Policies & Why You Need One

You may not have a privacy policy in place, or maybe it’s outdated, but it’s important for congregants to be able to read and know how their information may be used when they’re making a gift through an online application, using child check-in, etc.

Not sure where to start with a privacy policy? 

Church Planting Tactics has provided a great resource to help you in their blog, Do We Need a Church Website Privacy Policy. They’ve even linked out to several church privacy policies as examples, and provided resources you can explore as you create your own.

Data Privacy Training

There are many organizations that provide privacy and security trainings to help educate your church leaders about how to handle the information you exchange with your members. We recommend IAPP, the industry leader around privacy, and a not-for-profit organization.

“Data powers the information economy. And the risks associated with it continue to skyrocket. Data breach, identity theft, loss of customer trust—these are the threats to organizations of all sizes, in all sectors, in today’s marketplace,” they explain. “The International Association of Privacy Professionals (IAPP) is a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data.” 

Partner with Trusted Providers

Church leaders and pastors everywhere are recognizing the need to use technology to help them with things like: 

  • Online giving

  • Child check in

  • Assessments

  • Data analytics

The information exchanged with these services is powerful, and it’s critical that you select partners who handle that data with integrity and trust. Trust includes privacy, security, confidentiality, and accountability.

When selecting a data solutions provider, ensure they follow industry standard self-regulatory principles around consumer privacy, established by organizations like the IAB and DMA. 

Make sure partners have rules in place that protect against risks, unethical use of your information, and other pitfalls.

As you partner with trusted providers, it will allow you the confidence and reassurance that you can put your focus on what matters most—your ministry. For a “deeper dive” on data and church, and to learn how you can identify a trusted data solutions provider, download our ebook: Data & The Church

“Level Up” on Data Privacy

At Gloo, we’re working to provide additional resources to help you “level up” on trust by understanding privacy, security, and compliance practices. Watch for monthly posts in our blog, and be sure to subscribe, so you don’t miss a beat!

To make it easy for you to have a world-class privacy policy at your church, we also co-created this data privacy toolkit with Leadership Network. Check it out on their website, and download a copy for your church today.

Get the Toolkit