Protecting Your Church Members’ Privacy

March 19, 2019 Rev. Bill Johnson


If you’ve purchased anything in the last twenty or so years, you’ve almost certainly experienced it: that moment when you get to the register to purchase an inconsequential item, perhaps with exact change at the ready, and your dreams of a quick in-and-out transaction are dashed on the rocks of a series of questions:

“Can I get your phone number please? Hmm . . . you’re not in our system. Let me add you. What’s your name? Address? Email address? Phone number? Mother’s cousin’s oldest stepchild’s phone number?”

It doesn’t take a rocket scientist to figure out why it’s big business for retailers to associate your personal information with your shopping habits. Whether it’s through the phone number at the register, the scannable supermarket card, or any number of other methods, retailers want to know what you’re buying and when you’re buying it so that, hopefully, they can determine why you’re buying it and leverage that information to sell you more. The world of big data is an advertiser’s playground and, whether we like it or not, we’re the product up for sale. When you step into the world of social media, this only gets amplified. As others have wisely said, if a company is providing a useful service for which they’re not charging you anything more than collecting your personal information, you’re not the customer. You’re the product, whose privacy is being sold to the highest, and sometimes lowest, bidder.

It’s intrusive, it’s annoying, and it reflects a growing realization of something that’s already real in our society. Privacy is currency.

What’s a Church to Do?

As the Church, we need to acknowledge that people are more sensitive than ever to matters of privacy, and as the technologies available to large companies grow more intrusive and ubiquitous, this is only going to get worse. To get a glimpse of the technologies as they stand today, sign up for a Facebook advertising account. You don’t need to spend any money, but just create a campaign or two to play with the demographic data that Facebook makes available to advertisers for targeting specific categories, locations, ages, interests, and so on. As those algorithms get better with time, there exists a serious danger that the concept of privacy as we now know it will cease to exist.

Once we realize this, though, we have a moral and theological imperative to help ensure the private information entrusted to us remains private. (Think Eighth Commandment defense of reputation in the Small Catechism, “We should fear and love God so that we do not tell lies about our neighbor, betray him, slander him, or hurt his reputation, but defend him, speak well of him, and explain everything in the kindest way.”) This goes beyond data security to a transparent way of operating that will help put visitors and longtime members alike at ease.

Simple Guidelines

While we don’t have the time or space here to be exhaustive, some basic principles should suffice to get our ministries pointed in a direction that will both care for the people God has entrusted to us and make visitors feel more at ease with our congregations.

Be Careful What You Ask For

Before requesting any personal information from a member or visitor, ensure you have a good reason for doing so. Our instinct as church leaders and communicators is to grab every piece of information we possibly can so that we have the maximum number of ways to communicate with a member or visitor, but this is precisely the wrong way to go. Instead, minimize the amount of information you request, and allow people to self-select not only the amount of information they’d like (Does everyone with small children need the nursery schedule? Really?), but also the way they’d like to receive the information. Consider hosting the information on your website and providing text messages, emails, and printed short URLs that direct people to finding the information in a common place.

By reducing the amount of private information we’re requesting, we’re able to reduce the perceived privacy cost to our members and visitors. We give them control over the information they provide or choose not to provide.

Be Transparent about How You Use Information

This one’s a tough one to communicate to less savvy staff members, but absolutely critical. If you live in the European Union, you probably already have a legal obligation to do this under the GDPR (General Data Protection Regulation), but regardless of where your congregation is, it’s a good principle to follow. Any time you’re gathering personal information from a member or visitor, perhaps most especially contact information, it’s important to let them know how this information will be used. A simple, plain language statement like, “We use your birthday to send you birthday cards and to pray for you in particular on your special day. We’ll also send our monthly newsletter, unless you’d prefer to receive it by email (just check the box for that above.) We don’t sell our mailing lists, period. Basic information (such as weekly attendance and membership) gets shared with our national church body, but your personal information does not get passed on.” As always, if you’re concerned about the legal implications of a statement, make sure to consult an attorney familiar with your local laws. In any case, a simple, direct statement of how you plan to use information will help make everyone more comfortable sharing their info.

Stick to It

This seems obvious, but let’s be honest. Every congregation is one building project or capital campaign away from someone suggesting, “Well, we could just email everyone in our database.” It’s cheap, it’s easy, and it’s sometimes even successful. Depending on where you live, it might also be illegal and could result in massive fines for your congregation or ministry. Beyond that, it violates a fundamental principle of trust and transparency that should undergird everything you do with members and visitors. You’ve been entrusted with information for very explicit, specific purposes, and violations of that only serve to erode the trust your people have in you, making them less willing to share in the future. In the case of a new communication type or medium, it’s generally permissible to send a single message that enables readers to opt-in to the new category or medium, but if they choose not to do so then that choice must be respected. If you find you’re sending out more than one or two of these sorts of messages every year, you might need to evaluate your overall communication plan to determine if the rapid changes in communication are actually accomplishing the purposes set for them.

Wrapping Up

In the end, personal information (and the resulting loss of privacy) should be treated just like any other resource where there’s a scarcity in community. Ask for as little as you need, and don’t waste it. Don’t abuse what’s been entrusted to you. Respect people’s boundaries, and give them the ability to say no. Both your communication and your community will be better for it.

Subscribe to the blog to receive notifications about more content like this.

Subscribe to the Blog »

Previous Article
15 Things Every Church Must Have in Its Technology Stack
15 Things Every Church Must Have in Its Technology Stack

When I was young, I used to collect and trade baseball cards with the other kids in the neighbor...

Next Article
How to Find Joy in Your To-Do List
How to Find Joy in Your To-Do List

I’m always impressed by a good marketing strategy, and the folks at Netflix have shown once agai...