Why Bother with Data Privacy? After all,​ it’s only data!

I have tweaked my website to reflect my focus on Data Privacy, in particular, Congregational Data Privacy.  What you read in this musing is the opening pages of the site with some additional comment.

 Keep an open mind, and maybe we will arrive at the same place in time where the Missional Church meets the Fourth and Fifth Industrial Revolutions of the technology of today.  It is through innovation, pastoral education and a community of collaboration that we all come to understand what it means to “protect the personally identifiable data” of our congregations and service organizations similarly to how financial institutions protect our data.

        “When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” David Brin

 Fundamentally, we are living in an age where data privacy is of the utmost concern. I am guessing that four out of six people reading this have been affected by a data breach within the last sixty months.  What I would even venture to imagine every single one of you knows someone who has been affected by a data breach.  You see the frustration and the horrible experience they endured in the process of cleaning up what may have happened to them if nefarious individuals used their data.  It is not that your congregations and the people you serve don’t trust you with their data, they do trust you, it is the availability of that data to a multitude of bad actors in the world that you should not trust.  I like to make an analogy to data privacy and protecting the data to an archeology expedition.  In the picture on the opening page of my website, you see people from all walks of life of all religious beliefs and denominations around their city.  Below the street level is a team digging for historical treasures.    In the world of technology and cyber, bad actors are making it their career to engage in expeditions of your data, privacy, and confidential information.

 As churches, judicatories, synagogues, missions, and denominational service organizations you must collect vast amounts of data to bring about the greater good of the Missio Dei.  Data that is highly personal and confidential is imperative to the daily operations of people meeting and coming to know the living God through our work and mission. Congregational data is often as valuable, if not more so as the data held by financial institutions and usually contains more personal information.

 Just as we share personal and confidential information with financial institutions, medical providers, and even the government, as stewards of the people of God, we must do our best to protect that data and limit who has access to that data in a “needs to know” basis.

 Churches, judicatories, synagogues, missions, and denominational service organizations in all of their various organizational structures must answer the same questions financial institutions have been explaining for the past ten years to their regulators.  For stewards of the people of God, this becomes an ethical and moral imperative.

 Share these questions with your team and then sit together and compare answers.  I think you will be surprised.

  • Does personal data exist in any format in your organization and under your supervision?

  • What is your responsibility in protecting peoples privacy?  Who is responsible on a daily basis? Who has access to the data?

  • How does your organization understand Privacy?  What does your staff think privacy means as it pertains to data?  What does data mean to them vs. information

  • Does the team assume the risk inherent in retaining data for more extended periods of time than necessary? Does your organization know how long you should “hold on to” people’s data? How should you dispose of people’s data?

  • Is there an understanding of “What do we know and What we don’t know about data and privacy?”

  • How can you, as a servant leader, be sure the infrastructure you have in place protects all of your data? (Hint, just saying you have a firewall is not the correct answer)

  • Do you have a  “privacy policy?” Is the policy understandable by those you serve who have reached the “age of reason?”  Does the policy meet all the best practices of a Privacy Policy?

  • Do you understand how your “operational” applications compute and store the data and information you enter?  Do you know if your applications are using artificial intelligence, quantum computing, and the Internet of Things connectivity to process, compute and store information?  Are your applications vulnerable to be hacked?

  • Do you use Software as a Service? Cloud Service? Do you know the location of your data?  (Hint: Just because you use a US company you cannot assume the data is in the US)  You may be subject to data privacy laws of the country of storage.  As servant leaders do you understand you are ultimately responsible for the privacy of data even if you have outsourced the custodianship of that data to a third party?

  • Do you understand “Processing of information” includes by definition, obtaining the data in the first place, disposing of data and even merely holding data?

  • Does your congregation or the people you serve give you written consent to processes and storing their data?

  • Do you know what data is on the computers, laptops and mobile devices of your staff if they are using those devices in their ministry?  Are the information and data protected?  What would happen to the data if the device is stolen?

  • Do you store financial records of the people you service such as credit/debit cards, bank account information, tithing data, and other donations?  What are the privacy parameters of this data?

  • Do the members of your congregation have the option to be “forgotten” after they pass on or leave to join another church or organization?

  • Could you describe in laypersons terms how the data privacy aspects of the technology functions and operates in your organization?

The ultimate answers to the above questions will serve as the starting point and your guide to creating your privacy policy and implementing your data privacy program.

visit our website:  http://www.innovate-educate-collaborate.com

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s