Canadian Baptist of Western Canada

Steps to Protect Privacy at Your Church

P1. Assign a Privacy Officer or Team

Put someone (or a team) in charge who has responsibility to review all aspects of privacy in
your church. To ensure accountability and ‘corporate memory’ it is often best to assign a staff
person as Privacy Officer or at least to make a staff person part a member of a privacy team.




2. Get Educated

  • The Privacy Officer should learn about privacy legislation and share that knowledge with staff and congregants.
  • Don’t assume rumours about the impacts of legislation are true. Find out.

3. Assess

Find out how your church deals with personal information. What information do you collect?
Why? Do members know the information is being collected? Do they know why? How is
information collected? Who has access to the information? How is it stored? How long is it
kept? When is it destroyed? What happens if there is unauthorized access to information?

4. Compare

  • Compare your practices to the requirements of legislation.
  • Contact the CBWC’s Privacy Officer Bill Mains, who is also available through the Vancouver office.
  • Contact other churches to learn from them and share information.

5. Develop Privacy Policies and Practices

Privacy policies should cover:

  • Type of information gathered
  • Uses of information
  • How you will ensure accuracy of information
  • Storage and disposal of information
  • Ways to gather information
  • Ways to erase or delete information
  • Security measures
  • Staff’s personal information about employment

Put all policies and procedures in writing. This provides easy, authoritative reference and
ensures there is an ‘institutional memory’ of policies and practices.

6. Train

Train staff in:

  • the principles, policies and practices of your church.
  • How their jobs are affected
  • What to do if security is violated – how will you assess harm? Who will be notified, when, how and by whom?

7. Inform

Let your members know:

  • what information is collected
  • why information is collected
  • how information will be used
  • your church’s privacy policies and practices
  • how individuals can access information about themselves
  • where individuals can get more information about privacy legislation, policies and practices

Add notices about privacy policies & practices, including purposes for the information collected
to forms, documents, websites, publications etc.

8. Enforce

Update staff contracts and volunteer forms to clarify that the church is legally responsible to
protect personal information and set out expectations about how individuals will collect, use or
disclose information.

9. Update

  • Keep your policies and procedures current by reviewing them annually.
  • Annually review what information is collected, by who, how, and why.
  • Regularly update information to add new information or delete old/unneeded information. For example, get congregants to verify and correct information in directories annually, and sign off on it
  • Annually review stored information for accuracy, purpose of storage and security.