Your Privacy Policy

By Chris Jefferson

Almost every church and parachurch ministry has a website, and many collect data from those who visit their site. 

To manage this information well, the first step””too often overlooked””is a privacy policy.

At no time since the Pax Romana have ministries been better equipped to share the gospel and fulfill their mission than in this digital age. Back in the first and second centuries, the intricate road systems of the Romans allowed missionaries””gifted with common Greek and ease of worldwide travel””to connect with cultures far and wide to spread the gospel. Today, digital connectivity provides a new road into nearly every household, culture, and people group through the Internet. 

Yet few churches and ministries are prepared””or inclined””to use this amazing tool to effectively impact their own congregations, communities, and cultures beyond.

The United Nations, Facebook”s Mark Zuckerberg, and Michelle Obama have called for Internet access to become a universal human right, and Cisco is projecting more than 10 billion mobile connected devices operating globally by 2018. This means ministries soon may have the means to access and evangelize nearly every connected culture on the planet. The question is, will Christians be ready to use these gifts from God to effectively spread his message?

 

The First Step

A church or ministry website is a powerful communication tool. Nearly everyone has one. But advances in technology continue to grow the capabilities and capacities of the Internet, and websites have become more sophisticated than just one-way communication tools. Data collection and management for program registration, e-mail requests, and online giving are often automated and carried out as a function of websites, helping build ministry databases.

The advent of cookies (bits of code dropped onto visitors web browsers to identify them and manage their data) are being used by many churches to identify members, donors, or visitors. This is good. Cookies enhance the ministry database and website users” experience. 

But few churches and ministries are mindful of the regulated responsibilities required with managing personal identity information (PII). Even fewer have employed the necessary tool””the privacy policy””to protect their congregant”s or donor”s PII, protect themselves from potential legal challenge for being out of regulatory compliance, and serve their site”s users notice that their information is valuable in helping fulfill their missions.

Modernizing and managing data collection can help ministries fulfill their mission. But ministries that collect data online must be sure they”re complying with regulations designed to protect their users” information. 

It is surprising how few churches and ministries adhere to or post a privacy policy on their websites. If your ministry website has a registration form, provides the electronic means for online giving, or promotes events that require the management of any kind of data about a congregant or donor, then there needs to be a privacy policy as a point of respect, protection, and regulation compliance. 

 

Inform, Respect, and Protect

A ministry is responsible for managing the relationship with its members and donors.

“A good privacy policy is a kind of agreement between an organization and the individual web visitor,” says Matthew Tindle, web services director at Wiland Direct, managers of the nation”s largest transactional database. “A respectable organization will propose rules to govern its relationship with its web visitors that are clear and accessible to them.”

Tindle believes there are three underlying intentions a privacy policy must work to communicate. The first is the desire to be transparent with the web visitor by informing him or her that their visit to your site and their offering of any PII is subject to the holding, management, and use of that data for specified ministry purposes. In the data management industry, this is referred to as “notice.” Notice seeks to build awareness of the high value placed on a visitor”s personal information, as well as educating the visitor about the way you intend to use that data.

Because an organization is always seeking to honor its relationship with members or donors, the second intention, respect, should be evident throughout the preparation of the privacy policy document. Data can be impersonal (Are you simply tracking the number of times an IP address visits your site?) or highly sensitive (Do you collect name, address, and credit card information?). While impersonal data requires little to no security or notice to manage, personal information must be respected and properly managed so that the website visitor”s confidence in your care of information bolsters your relationship with him or her.

An important ingredient of respect is choice. Web visitors, members, and donors must always have the right to choose whether or not to share their data (or PII) with you. Reminding visitors of this choice and giving them the opportunity either to continue with confidence in the relationship (by sharing their data and PII with you) or to “opt-out” of the relationship (by providing them with a way to confidently remove their PII from your management) is all part of respecting the relationship between the organization and the individual.

The third essential intention when creating your privacy policy is the intent to protect the visitor”s personal information as well as the interests of your organization. 

By posting a link to your privacy policy in the footer of your website, you responsibly and transparently serve notice to every visitor about the type of data you collect and what you are doing with it. 

By issuing a statement (or notice) to visitors that their continued use of your site serves as their agreement (or choice) to the terms of your privacy policy, you have adequately stated the terms of the relationship. 

By offering them an opportunity out of the relationship (or opt-out), you have satisfied not only the requirements of the online regulatory alliances, but created a defensible position for your organization.

 

Preparing for the Coming Age

In the near future, people will receive, gather, and process information predominantly through mobile devices connected to the Internet. A clue to the growing trend: spending on mobile advertising surpassed television advertising in 2013, and now makes up more than 21.8 percent of all advertising spending in the U.S. 

Perhaps the most compelling benefit to establishing a privacy policy is the opportunity it provides to actively participate in online behavioral advertising (OBA), which is becoming the new road by which to target and reach individuals with your organizational message. OBA allows churches and ministries to model, identify, and target individuals and people groups who are, by their very identifiable digital behavior, most likely to respond to the gospel, attend a church, donate to a ministry, or increase their involvement in your congregation or organization.

How ready is your church or ministry to reach the lost, encourage and fellowship with the freed, discover new ministry partners, and fulfill its mission? OBA is simply another way of reaching out and attempting to share God”s message “by all possible means” (1 Corinthians 9:22). Digital response may be the only way some will be reached in the coming days.

In light of this, progressive ministries will seek to remain culturally relevant by preparing to use the new road of online behavioral advertising to reach their audience, promote their message, and work to fulfill their mission. This requires a comprehensive, transparent privacy policy that offers the website visitor notice, choice, and an opt-out and seeks to inform, respect, and protect by its very intentions.

 

Chris Jefferson is president of PRODONOS, a Longmont, Colorado-based Christian marketing and fund-raising firm specializing in integrated marketing, member and donor discovery through digital direct response, and major donor events.

________

PRIVACY POLICIES MADE PUBLIC: Consult the Digital Advertising Alliance (www.aboutads.info) to discover industry best practices for handling user-based advertising. 

Some good examples of privacy policies can be found at www.generationscc.com/privacy-policy, www.lakewoodchurch.com/Pages/privacy-policy.aspx, www.cdfonline.org/privacy-policy, and bigstuf.com/privacy/.