Does Your Website Need a Privacy Policy?

Some states require thorough policy statements

Visitors to your ministry’s website trust you to protect their personal information. To help relieve any concerns individuals may have about the security of their information, create a website privacy policy unique to your ministry. Here are three reasons to do so:

1. It gives users peace of mind. Online privacy policies can help users understand why you collect and use their information and how you keep it secure. Let users know what information you collect, how it will be used, and who will be able to access it.

2. It’s the law. Some states require that nonprofits include a privacy policy on their websites. For example, if your ministry website collects personal information from users in California and other elements are present, you may have to comply with specific state requirements. Also, there may be additional privacy policy requirements for ministry social media pages. The National Conference of State Legislatures provides a helpful resource on other state laws related to Internet privacy that can help you determine the laws that apply in your state. Consult with a locally licensed attorney for specific advice.

3. It protects your children. Special rules apply to content for kids. If your ministry’s website, or even a portion of it, is directed to children under 13, the Child Online Privacy Protection Act (COPPA) likely applies to your website. COPPA protects the personal information of children under the age of 13 by requiring website owners to post a compliant privacy policy and obtain parental consent before collecting information. The Federal Trade Commission’s resource, “Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan” includes helpful information on complying with COPPA.

Creating a Privacy Policy

When creating your policy, be sure to address the following questions:

• What information do you collect? Does your website ask users to share personal information such as their name, address, phone number, and email address? What about financial information, including debit and credit card numbers? Your privacy policy should specifically state each type of information you collect.

• How do you collect information? Is information collected automatically when users visit the site, or do they fill out a form with their information? Do you maintain information received in other ways, such as insurance information provided by a member on a paper version of an activity participation agreement? Instead of developing multiple privacy policies addressing various operational activities, many organizations decide to adopt one comprehensive policy that encompasses all of their operations.

• Why do you collect information? Why does your ministry collect personal information from users? Your answer may be as simple as “to further the purpose of the ministry by facilitating communication between the user and others who attend.” If you are collecting financial information, your policy should be more specific about how this information will be used.

• How do you share information? Beware of well-intentioned but inaccurate policy statements, such as “we will not share you information with any third party.” Does your ministry share information with a related organization such as a school or camp that has access to your ministry’s data? Do you use outside vendors to handle a user’s information for your ministry? If you answer yes to either of these questions, your ministry’s privacy policy should reflect this.

• How do you secure information? Do you work with networking and website programming professionals to ensure that the ministry’s website uses industry-standard security protocols, firewalls, and encryption programs? Ensuring that these safeguards are in place is important, especially if your ministry handles financial information.

It is also important to make it clear that your online privacy policy applies only to your ministry website. It does not apply to other websites that you may link to from your site.

Tell Users about “Cookies”

A cookie is a small piece of data a website stores on a user's computer that contains information about the user’s activity on the website. Cookies generally help websites run more efficiently by performing tasks such as remembering the user’s log-in information.

Most cookies do not collect personal information. However, since certain types of cookies do track user activity across other websites, it’s a good idea to describe the functions that cookies perform on your website. Your policy might also note that a user can change his or her web browser settings to refuse cookies.

More Resources

Privacy Policy - Sample Wording