Privacy Policy

Guidelines on Privacy and Protection of Personal Identity and Data

Danforth Mennonite Church

January 19, 2022

As a Christian church community, Danforth Mennonite Church is committed to building one another up in the faith and living in witness and service to the neighborhood around us. We strive to be welcoming, to keep in touch with those in our church, and with the broader faith community.

We recognize that our world has changed significantly in recent decades, and while we want to freely share information, meetings and resources with one another, that there are inherent risks for harm and misuse of information. As an Ontario registered charity we are also subject to provincial guidance on matters of individual privacy and protection. https://www.ipc.on.ca/  There is a range of guidance and legislation shared on digital health, big data, and specific matters related to sharing and protecting personal data. The Canadian Council for Christian Charities also provides guidance ad samples for the basic tenants of the province’s legislation. CCCC_Privacy_Policy.pdf

Provincial legislation requires organizations (including registered charities) to take responsibility for guidance and  a “program” for  protection and safeguarding of individual privacy. However, we are mindful to “right size” for our very small congregation, where we use limited digital channels outside of Zoom, email and MS Office suite of programs that are highly secured. We need to be both pragmatic and responsible. Currently, we think it is prudent to document general guidance on the use and public sharing of personal identities and information of Danforth members and adherents, data protection and cyber security.

In the past, we have followed good judgement and common sense in our practices already. We will continue with those practices as general guidance for our congregation, specifically:

  •  Member and adherent financial data and transactions are confidential and not available to anyone in the congregation. They remain with the care and stewardship of the DMC Treasurer. Electronic financial transactions are conducted with banks and vendors that have rigorous cyber security policies. The only church data that is public is that which is aggregated for the entire church and submitted to the Canada Revenue Authority by our Treasurer.
  • Member and adherent identity is protected on our website – through news updates, bulletins and other postings – by sharing only the first name and last name initial. Full names of members or adherents are not publicly available on the church website.
  • Email address of Danforth members are included in the church directory upon member or adherent consent
  • The DMC church directory, our list of member and adherent contacts is not externally available or shared, and is not placed on the church website.
  • Email addresses in bulk congregational emails from the Church office or Committees are placed in “bcc” to prevent explicit sharing of member or adherent email addresses.
  • Personal requests for prayer or sharing are not recorded in audio, in print (unless members chose to) or uploaded to the church website.
  • We obtain consent (usually by “opting out of” agreement) from individuals when having photographs of them taken at church events and activities.
  • The job descriptions of key Committee members and Church employees, e.g. the Pastor, the Admin Assistant, Council and other relevant Committees highlight the importance of maintaining confidentiality in those roles.

 

Going forward, we will also uphold guidelines for protecting the identity of individuals, personal data through the following:

  • Ensuring the cyber security of the church website, personal and financial information by using up-to-date, and officially licensed software (e.g. Windows or other operating system, anti-virus and malware software, operating programs including Word and MS Works suite of software, and QuickBooks for financial records). This ensures that regular software updates are made, that often address weaknesses or enhance security.
  • Danforth software is used for church business and activities only. Passwords are restricted to authorized users and changed from time to time.
  • Members using DMC software and computer do so for church-related purposes, not for personal purposes. It is not used to gain access to unauthorized or malicious sites, do not download illegal or malicious software and are informed and take due care to recognize and minimize cyber security threats (e.g. phishing, suspicious emails or requests, etc.)
  • Church records – financial, administrative, registries, minutes and other church data -- are stored and backed up regularly and securely. Storing data on public software options (e.g. Google Drive or QuickBooks) may transfer risks from individuals to these third parties. It does not eliminate all risks.
  • Digital and hard copy documents are retained based on policies that are updated from time to
  • Digital or hard copy resources such as newsletters, photos, photo albums, recorded Zoom services, recorded and uploaded services, videos will be stewarded responsibly. If circulated or shared, they will be circulated for personal use only and not for public sharing on social media, online presence or on the DMC website.
  • Currently, sharing digital resources will be done through the provision of links to protected and secure sites, for members to download (e.g. Google Drive, Dropbox). Sharing resources through USB memory sticks or email attachments should be done carefully to avoid limitations on email size, messages sent to spam, or sharing viruses through sharing devices.
  • Personal messages from members to others will be private and confidential unless consent is given to share them with others 
  • Children’s images on public or social media will be protected and not shared. In some cases, parents or guardians may choose to offer consent. However, their identity will be protected in all cases.
  • Sharing church records with Mennonite Church archives (Conrad Grebel archives for Ontario) will include official records made available to the congregation through regular church activities, like bulletins, Council minutes, AGM reports and our Newsletters. In some cases, archives may include more personal information. We rely on the confidentiality, security and privacy policies of the archivist to protect personal information as needed. Mennonite Church archives are governed by provincial and federal Canadian regulation.

 

These guidelines will be updated from time to time as necessary, and as our context continues to change. Final approved Jan 19 2022