Privacy

Privacy statement

Application of the Personal Information Protection and Electronic Documents Act (PIPEDA)

An initial report to the Council of Waterloo CRC in regards to the use of personal information within the church put together by Irene denBak-Lammers and Steve Bootsma.

According to documentation from the Office of the Privacy Commissioner of Canada, PIPEDA applies to organizations that collect, use or disclose personal information in the course of commercial activities. Commercial activities are then defined as "any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists."

The Act does not generally apply to charities, associations and other similar organizations.

Although WCRC is not legally bound to follow all of the stipulations of PIPEDA, it would be prudent to make sure that we do not act in a fashion which could be considered inappropriate in today's information age.

Privacy rules can be summarized as follows:

  1. Individuals must be given notice of the proposed collection, including use and disclosure, and the specific purposes.
  2. In order for the data to be collected, used or disclosed, appropriate consent must be obtained with respect to the specified purposes.
  3. The data collected must be protected by appropriate security.
  4. The individual must have access to the data collected, and to details of its use and disclosure.

The following are some areas where Waterloo Christian Reformed Church currently uses personal information, some points regarding the use of this information and some of the steps that may be considered to make sure that we do what is right.

A. Church directory

The church directory currently contains names, addresses, e-mail addresses and phone numbers for the members and regular attendants of WCRC.

  • We assume that most people consent to having that information included in the directory realizing that it will be used for common church purposes. Members of WCRC would not have consented for the information to be used for commercial activities (e.g. as a mailing list for business opportunities, phone numbers for telemarketers, etc)
  • We list the names of all children, but we do not include the year of birth for the children.
  • We control the distribution of the directories as they contain information regarding children as well as other personal information that could be used inappropriately, e.g. names and address of single women. Currently, the directories are placed in the member mailboxes, with extras being placed on a table in the fellowship hall. The hall is an unsupervised location during much of the week, so we do not control who could walk in and pick up a copy.
  • If a member has given contact or personal information to the weekly newsletter editor, we assume that the member has given consent for that information to be published in the newsletter.
  • The photo directory raises other information, connecting images of people along with their location and contact information.

B. Newsletter

The Waterloo Weekly contains information regarding events as well as individuals. The distribution is not closely monitored as they are freely available in the fellowship hall.

  • Full names should only be used with permission of the person mentioned. An announcement placed by someone including their name and phone number would be considered consent to do so. Full names are not always required; for example, "contact John @ 123-4567" is as helpful to church members as is "contact John Doe @ 123-4567".
  • Prayer requests can often have other information implied that may not be appropriate for wide-spread distribution. Full names of people that are in the hospital or who have died may be listed. Often times the person mentioned in a prayer request is not able to consent to the use of their information, although as a church body we realize the need to be able to identify the person (e.g., John S recently had a heart attack and we pray for continued healing).

C. Website

The Waterloo CRC website currently has a limited amount of information but it is available to anyone who looks for it.

  • Permission should be given for any name and contact information to be included. For example, a contact name and/or phone number for Vacation Bible School information should only be posted on the web with that person's permission. There are possibilities to include only first names and/or first name with last initial.
  • Rather than have the different contacts listed for each program it may be possible to have all contacts come through a church email address, and then have the administrative assistant forward them appropriately.
  • We need to have consent to post anyone's picture on the web, especially if there is a name connected to it, or if there are other identifying features.
  • If the newsletter is posted on the website it adds to the issues currently listed under B. Newsletter as the information will be more widely available, even with a monitored distribution of the hard copy.

D. Clubs / Activities

There are a number of various programs run by WCRC that collect various information.

  • Each activity (e.g. Friendship, GEMS, and Cadets) has a membership list. Care must be taken if these lists are distributed, even amongst the participants in the group. It would be implied consent when a parent gives information about a child that they allow that information to be given to others helping run the program, they may not necessarily consent to having the information given to all other participants.
  • Photos taken at group events need permission to be posted, either on-line or in the church. Most groups already have a consent form for these purposes.
  • Information gathered for one activity is used for other activities. We need to be careful when we use information gathered for VBS registration to contact people for Cadets and GEMS or other programs.

E. Information sent out by the church

The church will occasionally give information regarding church members / children to other organizations, including other churches and other church related institutions.

  • Consent should be received before we send information to any outside organization. When people give us information it is assumed to be for our purposes even though the other causes may be church related, not all people would appreciate receiving fundraising requests from denominational ministries. E.g. people should be asked prior to our sending their information to Christian colleges.
  • Classical credentials ask if we forward information regarding people from our church who may be moving or studying in the area of another church.

The above listed areas are not an exhaustive list. There are other situations where personal information may be involved within our church but these areas currently have some form of protection in place.

  • Membership files (limited access)
  • Financial donation information (limited access and distribution)