It is recommended that local churches have a privacy policy in place to protect individual’s personal information. Below is a sample from CCCC.
Please note that:
- This sample document is provided as a general guideline to assist CCCC member charities.
- This information does not constitute legal or other professional advice.
- Appropriate modifications are required to suit the facts applicable to each situation.
- Where the intent is to use this sample, it should be provided to legal counsel along with appropriate instructions to meet the specific needs and circumstances of the charity.
You may also use the FMCIC Privacy Policy at https://fmcic.ca/privacy-policy as an example.
CCCC Sample Privacy Policy
(suited for affiliated churches, i.e. those in a denomination, conference, etc.)
In view of the unique nature of church membership, CCCC has developed the following draft Personal Information Privacy Commitment Statement and Privacy Policy for churches which are affiliated within an organizational structure such as a“Denomination,” “Conference,” “Fellowship,” etc.
Every CCCC member church may use this draft sample policy on the understanding that:
- it is not legal advice,
- it requires adjustment to fit each unique situation of each local church,
- it is consistent with the governing documents of the denomination, conference or fellowship with which it is affiliated, and
- it requires review by the church’s own legal counsel to ensure that it meets all legal requirements in the jurisdiction in which the church is located.
Please see Privacy Polices for more information.
__________________ CHURCH
PERSONAL INFORMATION PRIVACY COMMITMENT STATEMENT
In accordance with applicable laws, ____________________________ Church (the “Church”) is committed to protecting the privacy of its members, adherents, donors, volunteers, employees, directors, officers and any other persons about or from whom the Church collects personal information. The Church embraces the principles of the Canadian Standards Association Model Code for the Protection of Personal Information to ensure that all personal information is properly collected, used only for the purposes for which it is collected and is disposed of in a safe and timely manner when no longer required.
In being, or becoming, a member or adherent of the Church, it is recognized by all such individuals that the Bible portrays believers as members of one body (see I Corinthians 12). This requires the sharing of personal information with the body. [Further, it is recognized by the body that the Church is affiliated with the ________________________________________ (the “Denomination,” “Conference” or “Fellowship”).] Because of that affiliation, the Church, its members and adherents by voluntary implied contract submit to, and are bound by, the [Constitution or other governing manual] of the [Denomination, Conference or Fellowship].
Except for the above implied consent to collect, use and retain personal information, no personal information will be sold, rented, leased or otherwise made available to any person without the explicit consent of the member or adherent. Except as otherwise required by the [Constitution or other governing document of the Denomination, Conference or Fellowship] or the operation of law, every member and adherent has the right, at any time, to withdraw his or her implied or explicit consent for the use of his or her personal information for any or all previously authorized uses.
With respect to the privacy of personal information the above means that all members and adherents have given their implied consent to use their personal information for all internal purposes of the Church, [Denomination, Conference or Fellowship] and its agencies to the extent that such use is in agreement with the [Constitution or other governing document] and the pronouncement of [the title of the governing body of the Denomination, Conference or Fellowship] from time to time, provided that such body shall not provide personal information to agencies that are not directly operated, or wholly controlled, by the [Denomination, Conference or Fellowship] to carry out its ministries.
Other persons or organizations who act for, or on behalf of, the Church are required to comply with the principles and the Policy and will be given restricted access to personal information solely to perform the services they may be retained to perform for the Church.
The Church has designated _________________, to be its Privacy Officer. Any inquiry, request or concern related to privacy matters should be made in writing to him, to be contacted at:
Privacy Officer
_______________________________ Church
Address: ___________________________________________________________________
PRIVACY POLICY
In accordance with applicable laws, ____________________________ Church (the “Church”) is committed to protecting the privacy of its members, adherents, donors, volunteers, employees, directors, officers and any other persons about or from whom the Church collects personal information. The Church embraces the principles of the Canadian Standards Association Model Code for the Protection of Personal Information to ensure that all personal information is properly collected, used only for the purposes for which it is collected and is disposed of in a safe and timely manner when no longer required.
1. Accountability
The Church is responsible for maintaining and protecting the personal information under its control. The Church has appointed a Privacy Officer who is responsible to ensure that the Church complies with its privacy obligations in accordance with applicable privacy laws.
2. Identifying Purposes
The Church collects and uses personal information for a variety of purposes including, but not limited to,
- providing services to individuals ministered to by the Church;
- establishing and maintaining members lists;
- managing payroll and benefits;
- employee performance evaluations;
- establishing and maintaining lists of donors.
The Church shall identify and explain the purposes for which it collects personal information, to the person from whom the personal information is being collected, before or at the time the information is collected.
3. Consent
Consent will be obtained from the person whose personal information is collected, used and disclosed, unless obtaining the consent would be inappropriate or not required by law. Sometimes the person’s consent may be implied by virtue of their membership in the Church or because of the person’s conduct within the Church. When it is appropriate, written consent will be obtained.
Written consents will be kept on file for as long as the information is reasonably necessary. A person may withdraw his or her consent at any time, subject to legal or contractual restrictions and reasonable notice. The person will be informed of reasonably foreseeable implications of the withdrawal.
4. Limiting Collection
Information collected will be limited to that required for the purpose or purposes identified by the Church. The Church is committed to collecting personal information in a fair, open and lawful manner.
5. Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person or as required by law. All collected personal information shall be destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as permitted by the law. Nothing in this Privacy Policy prevents the elders or pastoral staff from collecting, retaining and using information related to individuals ministered to by the Church, since such information assists in providing quality services to those ministered to.
6. Accuracy
Personal information shall be maintained in as accurate, complete and up-to-date a form as necessary in order to fulfill the purposes for which it was collected.
7. Safeguards
Personal information will be protected by security safeguards that are appropriate to the sensitivity of the personal information. This safeguarding could include physical measures such as locked filing cabinets and premises security, organizational measures such as restricted access to files with personal information or technological measures such as security software.
8. Openness
Information regarding the privacy policy of the Church, as well as the personal information management, shall be available as requested. The information will include:
- Name and address of the Privacy Officer
- Means of gaining access to personal information held by the Church
- Copy of any brochures or other information that explains the Church’s policies, standards or codes
9. Access to Personal Information
Access to personal information will be granted, where the Church is legally required to release the information and provided that the disclosure does not violate any applicable statutes or contracts, to the person to whom the information pertains where there is an appropriate written request. The existence, use and disclosure of the personal information will be granted within a reasonable period of time. Any inaccuracy or incompleteness of personal information will be amended as required.
10. Challenging Compliance
Complaints or inquiries about the collection, use, disclosure or retention of personal information and the Church’s compliance with these ten principles should be directed to the Privacy Officer. The Privacy Officer will investigate complaints and ensure that appropriate measures are taken.
- This sample document is provided as a general guideline to assist CCCC member charities.
- This information does not constitute legal or other professional advice.
- Appropriate modifications are required to suit the facts applicable to each situation.
- Where the intent is to use this sample, it should be provided to legal counsel along with appropriate instructions to meet the specific needs and circumstances of the charity.