Whether you are a church, school, conference, or union, chances are you have a website. As a great tool for your ministry, websites can be used to keep your members or employees up to date on what is happening with your ministry. Your online presence provides a place for visitors to quickly contact your organization.
Websites will often collect information from users to better cater to the users’ needs. Because of this, websites have a privacy policy and a notice letting their users know they are collecting information from them. It is often one of the first things you see when you go to a website for the first time.
If you have a website, it’s important that you also have a privacy policy available for all visitors to see.
"If you have a website, it’s important that you also have a privacy policy available for all visitors to see."
What is a privacy policy and does my website need one?
“A privacy policy is essentially a statement that you make on your website that outlines to the visitors of your site how you deal with the information you gather about them. This includes what you purposefully collect and store, how you protect that data, and how you will use it,” says Tony Vargas, chief information officer for Adventist Risk Management, Inc. “The collected information includes where they are visiting from and other statistical data. It can also contain information you ask them for such as their names, numbers, physical or digital addresses and more.”A privacy policy is required by law if you are collecting data or if you are in a regulated industry. It allows your organization to be transparent with your visitors. Making this policy publically available will ensure visitors have access to the policy at all times and are aware of what happens when they are on your website.
What if my website does not collect any personal information? Do I still need a policy?
It is a wise decision to include a privacy policy on your website to protect the privacy rights of your congregants and others who may share personal information while on your site. In fact, that is exactly the kind of information your policy should provide. TermsFeed states, “People care a lot about their privacy, especially when it comes to the use of their personal information online…It’s also a great way to show users that you can be trusted, and that you have procedures in place to handle their personal information with care.”Remember: the privacy policy allows you to be transparent with your site visitors about what happens when they visit your site.
“As long as you stick within your policy guidelines and those guidelines follow legal standards, you receive a level of protection,” says Vargas. “You are letting visitors know what you are doing and if they do not agree with your policy, they can and should leave your site.”
Also, you must be transparent about any third-party vendors that collect and store visitor data. Third-party sites will have their privacy policies, and you must make it clear to your visitors that their policies may differ from your own.
How do I get started on creating my website privacy policy?
Here are basic guidelines* to consider as you get started creating your policy. Some of these include:- What information you are collecting
- What you will do with the information
- How you collect the private data
- How you store the data
- How you protect the information collected
- What period of time you hold collected data
- Who within your organization has access to the data
“You must outline to your visitors not only how you use the collected data, but also how you will keep the data safe,” says Vargas. “Ask for help from your local conference attorney to ensure you create an adequate privacy policy and that the information you are collecting is, in fact, being protected as it should be.”
You MUST outline to your visitors not only how you use the collected data but also how you will keep the data safe.
Key Privacy Policies Outlined by Several Countries*
In the United States, several federal and state laws govern the collection and use of personal data. At the federal level, the Privacy Act of 1974, the Electronic Communications Privacy Act of 1986, and the Children’s Online Privacy Protection Act of 1998 are some of the many laws regulating data privacy. The following states have enacted legislation specifically requiring websites to conspicuously post their privacy policy: California, Connecticut, Delaware, Nevada, and Utah.In Australia, the Privacy Act of 1988 and the Enhancing Privacy Protection Act of 2012 created the Australian Privacy Principles, which requires certain businesses to have a “clearly expressed and up to date” privacy policy.
In Canada, the Personal Information Protection and Electronic Documents Act, or PIPED Act for short, governs how companies obtain, use, and disclose personal data in the course of a commercial activity. Companies covered by the Act are required to obtain an individual’s consent when they collect, use, or disclose that individual’s data. Currently, Quebec, British Columbia, and Alberta have passed similar laws.
In the United Kingdom, the 1998 Data Protection Act outlines privacy principles for all companies and regulates how companies can obtain, use, store, or disclose personal data.
In the European Union, the Data Protection Directive and the new General Data Protection Regulation controls data privacy and require companies operating from the EU to obtain consent for the collection and use of any data.
