How should we protect personal information given to the church?

Templates for staff training related to sharing directory access and a use of information guideline for attenders.

This article is referenced in this blog post about phishing.  

Guidelines for staff before giving passwords or access to the directory.

When someone calls, texts, or sends an email requesting access to the church directory in any format, ALWAYS VERIFY the identity of the person making the request before giving them access.  This is a common tactic for phishing schemes by bad individuals looking to get people to send them gift cards or other things using public information they found on our website or other places.  Here are some legitimate ways to verify their identity.

  1. If an email or text, call them.  
  2. Check their information in the database.
    1. If they are not there, share that you are not at liberty to share a directory with them.
    2. If their information in the database is limited to information they could have added from a digital connection card or other registration, you are not at liberty to share that access with them.
    3. Verify by looking for information like Notes, Attendance, or Giving (if you have access).
  3. If something seems strange about the request, don't give access.

Example Use of Information statement

Here is an example of Saddleback's Privacy Policy that might be a more thorough, and helpful guide.  You can Google to find examples from other churches. 

Here is a very simple statement.

Our church uses the information you provide to protect, care for, disciple, and communicate with you and your family according to our purpose of "being and making disciples."  Community is an important part of this process, so we provide a password protected directory to adult members to help foster personal relationships.  This information is not to be used for lead generation or other business purposes.  If you are contacted about something that doesn't seem right or needs verified, please call the church office.