When First Baptist (not the church's real name) hired a network engineering firm to help them with their computer system, they never dreamed they were inviting in thieves. But when employees of the firm saw the scope of information saved in the church's database, they copied it and rented the list to businesses that wanted to reach people in their community, segmenting it by various demographics—including contributions!

Data is one of the most valuable assets a church has, but trying to figure out what it's worth so we can adequately protect it is challenging. Protecting data isn't difficult, but the task must be approached as deliberately as the fire and security protection we apply to our church buildings.

The first step is to recognize that your church has different kinds of data, and classifying data helps set a value to strategically protect it. While some data is mission-critical, other data is merely convenient. The difference is often found in answering the question, "What would happen to our church and our ministries if this data was made public or was destroyed?"

Data that might be considered mission critical includes:

Databases. Databases contain names and contact information, and sometimes include contribution, attendance, baptism, and other data that help us serve our congregations. Unfortunately, most churches have more than one database. In addition to lost efficiencies and synergies, multiple databases add complexity to the task of data protection. Church databases can include true databases, spreadsheets, document files, contact lists, and, of course, the Rolodex™.