Request a clarification on usage of non-church owned websites

brado426 · Post by **brado426** » Thu Jul 31, 2008 12:24 pm

RussellHltn wrote: Personally I see a bigger consistancy issue in that on one hand we've been asked not to upload information to 3rd party servers and yet a stake has received permission to use the ymyw.org website.

I've never used ymyw.org, so correct me if I'm wrong, but I was under the impression that it required manual data entry and did not require the upload of data from any Church system.

russellhltn · Post by **russellhltn** » Thu Jul 31, 2008 12:40 pm

Brad O. wrote:I've never used ymyw.org, so correct me if I'm wrong,

Nor have I, so we're in the same boat.

Brad O. wrote:but I was under the impression that it required manual data entry and did not require the upload of data from any Church system.

I could be wrong, but don't think it's the method of uploading as much as where the information comes from. If people are entering their own information, that's fine. It's when someone (like a church leader) enters the information (on members) from a MLS print-out we have a problem.

tortdog · Post by **tortdog** » Thu Jul 31, 2008 3:24 pm

RussellHltn wrote:Personally I see a bigger consistancy issue in that on one hand we've been asked not to upload information to 3rd party servers and yet a stake has received permission to use the ymyw.org website.

Actually there are now two stakes (if you were referring to my stake). I am in a brand-new stake and we took the precedent from one of the stakes from which we were formed. So both the parent and the child stake are going off the original advice received from the parent.

I had thought that I had read on this forum that ymyw.org and scouting.org were viewed as okay, and not a violation of the Church's policy. But I'm new here and I skimmed over a lot of material on this site so I might have misread it or be off.

However, at least two stakes are happily going forward (and have been). Since we already have permission, there's no way that we're going to ask again. You don't look a gift horse in the mouth.

tortdog · Post by **tortdog** » Thu Jul 31, 2008 4:40 pm

Brad O. wrote:I've never used ymyw.org, so correct me if I'm wrong, but I was under the impression that it required manual data entry and did not require the upload of data from any Church system.

It is manual entry. But as mentioned, how the data gets in should not be relevant. Rather, whether the data stored is deemed confidential enough that the Church wants it kept off public servers should be the key. The data you put into ymyw.org generally includes

* adult: name, position, e-mail and phone
* youth: name, birthday, e-mail and phone

You don' t have to put in all that information, and you could use initials to substitute for names. Birthday is somewhat important as it keys into the youth's progress through the quorums/YW classes.

brado426 · Post by **brado426** » Thu Jul 31, 2008 5:19 pm

tortdog wrote:It is manual entry. But as mentioned, how the data gets in should not be relevant.

Yes!

http://tech.lds.org/forum/showthread.php?t=576&page=4

Post by **Mikerowaved** » Thu Jul 31, 2008 8:18 pm

I think the former First Presidency message of Dec 13, 2004 (quoted earlier) covers these topics pretty well. If they would like to make an exception for ymyw.org, or any other site, then they are certainly entitled to do so. Even on a case by case basis. I have every trust in their judgment.

The problem with 3rd party websites is that no matter how secure they think they are, stuff happens. Every single week there are reports of personal confidential information being exposed to the public. Medical records, personnel files, educational histories, even military records. Some are exposed by accident, some by negligence, some by hackers.

Don't forget there are also website owners and administrators that will have unlimited access to the entire gammit of information stored on their website. Do you even know who these people are? Do you trust them? Can you be certain they aren't in the data harvesting business, or (heaven forbid) predators? Do they REALLY take data security seriously, or just give lip-service with a wonderfully written Privacy Policy?

My point is, once the information gets stored outside of the Church's careful watch, they have little or no control over it's safekeeping, but might still be liable for protecting it. That's not a good situation to put yourself in and I can fully understand their concern.

daddy-o-p40 · Post by **daddy-o-p40** » Fri Aug 01, 2008 12:55 am

Brethren,

I would like to point out a perspective that has been completely overlooked in this new round of discussions on this post I started long ago.

In addition to the desires, guidance and rules put forth by the first presidency we must comply with the rule of law. Regardless of how the data gets to a third party site the key is not how it got there. Instead it is what the data contains.

Information uploaded, by whatever means, is limited by law to public record information (name, address, and maybe a phone number.) Keep in mind that this is permitted without written consent for adults because this is public record information.

However, for minors it is a violation of federal law to share their information without an auditable record of written consent by the individual and their parents/guardians. So with that being said let's remember that YM who participate in Scouts join the scouting program and this membership may cover Boy Scouts of America. As for ymwm.org they are not covered in any way. Ymyw.org is violating federal child privacy laws and certain interpretations of church policy.

There are variations from state to state and country to country as you might imagine. In my prior research I uncovered that Pennsylvania will not permit any information about minors posted anywhere regardless of whether permission has been granted.

So my personal recommendation is that any leaders planing to use and/or already using ymyw.org contact the church's legal department about instructions to protect the church from inadvertant legal transgressions.

russellhltn · Post by **russellhltn** » Fri Aug 01, 2008 1:56 am

daddy-o wrote:for minors it is a violation of federal law to share their information without an auditable record of written consent by the individual and their parents/guardians.

Are you referring to COPPA or something else?

brado426 · Post by **brado426** » Fri Aug 01, 2008 6:59 am

daddy-o wrote:Brethren,

I would like to point out a perspective that has been completely overlooked in this new round of discussions on this post I started long ago.

In addition to the desires, guidance and rules put forth by the first presidency we must comply with the rule of law. Regardless of how the data gets to a third party site the key is not how it got there. Instead it is what the data contains.

Information uploaded, by whatever means, is limited by law to public record information (name, address, and maybe a phone number.) Keep in mind that this is permitted without written consent for adults because this is public record information.

However, for minors it is a violation of federal law to share their information without an auditable record of written consent by the individual and their parents/guardians. So with that being said let's remember that YM who participate in Scouts join the scouting program and this membership may cover Boy Scouts of America. As for ymwm.org they are not covered in any way. Ymyw.org is violating federal child privacy laws and certain interpretations of church policy.

There are variations from state to state and country to country as you might imagine. In my prior research I uncovered that Pennsylvania will not permit any information about minors posted anywhere regardless of whether permission has been granted.

So my personal recommendation is that any leaders planing to use and/or already using ymyw.org contact the church's legal department about instructions to protect the church from inadvertant legal transgressions.

daddy-o:

That is a good point. At my job, we create promotional marketing websites for other companies. We are not allowed to collect any child's information that is under 13 years of age. Before a person is allowed to enter his or her information on any of our sites, he or she must confirm that they are 13 or older.

aebrown · Post by **aebrown** » Fri Aug 01, 2008 7:57 am

daddy-o wrote:Ymyw.org is violating federal child privacy laws and certain interpretations of church policy.

It's certainly good to be aware of privacy laws. But I don't see how you can make a blanket statement about this site violating those laws. That site does not make the information public to anyone except those who are authorized within the ward or stake. Also, that information is not necessarily any more than a name, or initials -- it depends on how the leaders use it.

We can discuss the security of the servers that host it, transmission protocols, etc., and these are all good questions. But I think you'd have to show specific legal violations to back up that claim. I'm not saying that I know there are none, but I certainly haven't yet seen any evidence of any.

Just a thought question -- how does ymyw.org differ from the local unit web sites? With LUWS, the names, addresses, and phone numbers of hundreds of minors per stake are listed on a web site. Thousands of people (all the stake members, but not the general public, of course) can see this information. Although any member can opt out of his/her information being listed, by default it is listed. We only have the security of the site protecting the entire world from seeing all that private information. Now I know who the Church is, and I know they are working very hard to have a secure site. But ymwy.org would have even less private information. From a legal standpoint, what's the real difference?