A church that meets in the Iowa Correctional Institute for Women says its former administrative assistant, who is also a former inmate, used volunteers' personal information to steal 40 identities to open credit cards, according to the Des Moines Register. Social Security numbers, birth dates, and other information are required from volunteers to gain entry into the facilities. The church's leaders believed all documents with personal information were secured.
While few churches meet in correctional facilities like this one in Iowa, this news still serves as an important reminder of the precautions leaders can take to safeguard the sensitive information about their staff and members that churches possess. Identity theft is a major issue in the United States, topping the Federal Trade Commission's list of consumer complaints in 2010. A nationwide survey by Javelin Strategy & Research reports that 8.1 million adults in the U.S. were victims of identity fraud in 2010. The mean consumer out-of-pocket cost was $631 per incident in 2010, according to Javelin.
For churches to help protect their members from this threat, they can follow these best practices written by Richard Hammar for Creating a Church Office You Can Trust, a downloadable training resource:
- Keep confidential information in a locked, fireproof file, and give the keys to a designated person, such as the treasurer or senior pastor, depending on the nature of the records involved.
- Confidential information is often stored as files on church computers, and steps must be taken to restrict access to this data by unauthorized persons.
- Confidential information should not be disclosed to persons without a legitimate need to know.
- The church board should consider adopting a covenant of confidentiality each year. This means that board members sign a covenant agreeing not to disclose any confidential information shared during board meetings without the unanimous consent of the board.
- Pastors often maintain counseling notes or other highly confidential records, and steps must be taken to ensure the proper disposition of this information in the event of the sudden death or incapacity of the pastor.
As mentioned above, confidential information on church computers should be carefully secured. Not only should church leaders decide which church workers have access to certain computer files. They should also guard against outside individuals and groups trying to access files on church computers through the Internet. Protecting Electronic Data, another downloadable training resource for church leaders, explains:
Computers allow churches to collect and store vast amounts of personal information. Unsecured, this data is vulnerable to computer criminals—putting your ministry and church members at risk. … Thanks to the Internet, your computers are exposed to millions of people every time you're online. This group includes hackers, identity thieves, and others intent on harm.
Updating virus and spyware protection and installing firewalls are some of the ways to stop outside groups from accessing a church's computer system.
This content is designed to provide accurate and authoritative information in regard to the subject matter covered. It is published with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. "From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations."
Due to the nature of the U.S. legal system, laws and regulations constantly change. The editors encourage readers to carefully search the site for all content related to the topic of interest and consult qualified local counsel to verify the status of specific statutes, laws, regulations, and precedential court holdings.