How should we protect personal information given to the church?

Templates for staff training on sharing directory access, and a use-of-information guideline for attenders.

This article is referenced in this blog post about phishing.  

Guidelines for staff before giving passwords or access to the directory.

When someone calls, texts, or sends an email requesting access to the church directory in any format, ALWAYS VERIFY the identity of the person making the request before giving them access. Requests like this are a common phishing tactic: bad individuals use public information they found on our website or other places to get people to send them gift cards or other things. Here are some legitimate ways to verify their identity.

  1. If the request came by email or text, call them.
  2. Check their information in the database.
    1. If they are not there, tell them that you are not at liberty to share a directory with them.
    2. If their information in the database is limited to information they could have added from a digital connection card or other registration, you are not at liberty to share that access with them.
    3. Verify by looking for information like Notes, Attendance, or Giving (if you have access).
  3. If something seems strange about the request, don't give access.

Privacy Policy Examples

Here is a simple Privacy Policy page developed by Churchteams that you are free to use and edit.

Here is an example of the much more thorough Privacy Policy from Saddleback Church. You can Google to find examples from other churches.