Your church has a big red target on it. All churches do. When it comes to the data your church has in its possession, you have three characteristics that make you the kind of organization that those with bad intentions love to go after.
- You want to help people, so you want to believe the best in others (admirable but also dangerous).
- You store a wide range of sensitive information (including financial information on congregants!).
- You likely depend upon volunteer labor.
It’s no wonder churches have become a major target of malware, phishing scams, and other IT security problems in recent years.
Church members are still getting emails supposedly from their pastor asking for gift cards. It’s a five-year-old scam that has specifically targeted places of worship. Churches are easy targets.
Why Data Security Matters
You’re responsible for a large amount of important data that your congregation entrusts to you each week. You need to take care of what they give. Here are five reasons this is important.
1) You care for your congregation when you care about their data
The people who attend your church give you some of the most sensitive data in their lives, including their email addresses, phone numbers, credit card numbers, and information on their children. You may have counseling notes saved somewhere in your digital infrastructure.
Just like anything else your congregation hands over to you, they expect you to take good care of it. Your church is a data steward! People realize you care about them when you care about the personal data that is put in your hands on a weekly basis.
By the way, this is why you need to make every effort to communicate the steps you’re taking to care for the data of your congregation. Every once in a while, put a note in your church bulletin describing your data policies. Include information on it in new member materials. Maybe even include a note in messages to guests. In today’s world, you want people to know how much you care about the data they give you.
2) You protect your financial future when stewarding your data
Businesses and nonprofits lose millions upon millions in data breaches each year. In 2023, the average cost for a data breach reached an all-time high of $4.45 million. Unless your church has millions of dollars sitting around with nowhere to go, you need to care about how you protect your data.
Not only do you need to take into consideration the money that’ll get taken but also the costs required to fix what’s broken and repair the damage to your church’s reputation.
3) You obey the laws of the land
Most churches likely give little thought to data privacy and security laws. To be fair, until the last several years, no one paid much attention to them. But the more churches embrace the digital revolution of the last three decades, the more these new laws apply to them. Here are a few examples of international, U.S., and state-specific laws that might relate to your church.
- General Data Protection Regulation (GDPR): This European law got the ball rolling on digital data privacy legislation. Although it’s a regulation for the European Union (EU), it’s applicable to any organization that offers goods and services or monitors the behaviors of people in the EU.
- Children’s Online Privacy Protection Act (COPPA): If your church engages anyone under 18, you’ll need to get parental consent to hang on to their data.
- Financial data protection laws: You’ll have certain specific legal responsibilities to consider if you take donations.
- State-specific laws: Starting with California a few years ago, several U.S. states developed their own state data privacy laws. Most people in the data security business believe the rest of the states will soon follow suit.
Of course, these laws above are just examples. There are others. Some have exceptions for religious organizations, but not all of them. You want to set a good example in your community and follow the laws of the land on this issue.
4) You’re safeguarding a valuable resource
Data has value today. Of course, some of that value is financial. But for your church, it’s much bigger than financial value. It’s missional value. You can use the data entrusted to you to serve your congregants better, to engage them in eternally important conversations.
You want to safeguard your data so that you can trust it to engage your congregants in the mission God has called you toward.
5) You protect the reputation and witness of your congregation
Your church pays a major price when you get hit with a data security breach. It risks showing your community that you can’t be trusted with anything they give you. As you’re trying to reach people in your community, they need to trust you with more than their data. They’ll hand over their time, their money, and their children to your care. They want to know you’ll steward their data well, or they may not give you a chance to care for the other areas of their lives.
First steps for your church on data security
So what can you do about it? Data security can be a scary topic for churches. Even if you’re on board with how important it is for your church, where do you start?
1) Perform a simple assessment
You need to have a good idea of what kind of data your church is responsible to steward. Gather a group of people from different areas of the church. If your church has different staff teams, make sure all of them are represented. Spend some time brainstorming the data you’re storing. Obviously, if you have an IT leader (or even a volunteer in the industry), invite him or her. But it’s likely even your IT director won’t know everything you have.
A starting point might be: financial records, membership records, website data, children’s ministry records, counseling notes, general office documents, etc.
Eventually, you’ll want to go beyond just seeing what you have and discerning your risks and how to mitigate those risks. But this is a good place to start.
2) Create a data-security policy
This is a must. Every church needs a data-security policy. Truth is, you need it sooner rather than later. A data security policy tells everyone, community and congregants alike, how you’ll care for their data. It’s a set of guidelines and practices that’ll guide your staff and volunteers in how they manage data. As mentioned earlier, it’s something you communicate far and wide to build trust in your volunteers and staff.
3) Get help
Data security isn’t something you should try to tackle on your own. God has called your church to reach your neighbors and serve your community. You probably do that well. Bring in experts in the field to help you care for data more effectively.
Higher Ground can partner with you to make sure your tech is as secure as possible. For more information, visit the Higher Ground website.
ACS Technologies
ACS Technologies sets a new standard in church technology, offering a holistic suite of solutions that streamline administrative tasks and empower your staff to excel in their roles and your church to excel in your community.
In the ever-evolving landscape of church engagement and management, ACS Technologies rises above the rest. Our comprehensive church solutions, bespoke digital offerings, streamlined communication tools, comprehensive ministry consulting, and training make us the trusted choice for over fifty thousand churches. Experience the ACS Technologies advantage and elevate your church’s online presence, connectivity, and generosity today. Join us in redefining church technology for the digital age, where your ministry’s success becomes our shared mission.
