Page 1 of 2

Re: GDPR

Posted: Mon Oct 16, 2017 11:45 am
by russellhltn
I assume you're talking about General Data Protection Regulation which affects the EU. From what I've seen, the church has been vary careful about what information they collect and who can see it. I'm sure it's being handled at the area level, if not higher. I'd expect local units to comply with any direction that comes out and avoid gathering any information beyond what the church records.

This could put a damper on local leaders who try to ask for more information than can be found on the membership record.

You can find Data Privacy Statements for various countries here.

Re: GDPR

Posted: Fri Mar 23, 2018 2:08 am
by pani
The UK policy will need updating and I imagine all of them in the EU.

From the document it will be interesting to see if the church changes this point: Some
information is retained indefinitely as part of permanent gene-
alogical, membership, historical, and other records

If the person is dead I don't think GDPR applies but this is more than genealogy.

The other thing would be birthday lists, and address lists and newsletters and how they are distributed and by what data sources are they distributed.

Is the historic consent on the baptism record form sufficient for all members? Is the current consent on the baptism record form compliant?

Does the church really delete all aspects of someones membership details when they ask to be removed?

Re: GDPR

Posted: Mon May 21, 2018 2:43 am
by dakkaron
From y experience as a missionary and later as a ward secretary the church is not at all compliant with GDPR, especially not the missionaries. Missionaries collect and store non-member data (contact details and teaching records) without any kind of written consent for an indefinite amount of time. Often, even when people ask for the records to be destroyed, this does not happen. Currently, teaching records are stored in electronic form and I believe are sent to servers in the US.
In the wards there are often records of members wo haven't been at church for multiple decades.
While I believe ex-members can ask for their records to be destroyed, just "taking their name off the records" or being excommunicated does not cut it, as their member records can be restored without them having to input the data again if they return to church.

I do understand why most of this is important for the functioning of the church or might cause more work if it is implemented properly, but at the same time it is very dangerous not to comply with GDPR.
The Jehovah's witnesses for example were collecting similar amounts of data in a similarly careless fashion, until they were sued for it. They argued that their members/missionaries were just collecting the data for private purposes, but the court ruled that a member of a church is always a member of that church and thus are not able to collect data for private purposes.

I really hope the church does not ignore this...

Re: GDPR

Posted: Wed May 23, 2018 9:47 am
by scgallafent
The Church is aware of GDPR issues and is working through the needed changes.

Re: GDPR

Posted: Wed May 23, 2018 9:55 am
by pani
With the deadline for compliance 2 days away I haven't seen any information yet

Re: GDPR

Posted: Wed May 23, 2018 10:45 am
by johnshaw
pani wrote:With the deadline for compliance 2 days away I haven't seen any information yet
What information are you expecting to be shared with you, specifically?

Re: GDPR

Posted: Wed May 23, 2018 11:57 am
by lajackson
The Church already publishes privacy statements for many countries that explain what information the Church keeps and how members may communicate to the Church any privacy concerns. They should be posted on meetinghouse bulletin boards in those countries.

I am not a GDPR expert, but I expect those policies are being reviewed to make sure they are compliant with the new EU law.

Re: GDPR

Posted: Thu May 24, 2018 2:51 am
by pani
johnshaw wrote:What information are you expecting to be shared with you, specifically?
  1. Updated privacy policy for meetinghouses;
  2. updates to the missionary department about collecting information from missionaries which is then passed on to bishoprics/ward council members whether that information if for members or non members it makes no difference - they often collect name, age, address without any consent;
  3. baptism record form would have to have new wording on it;
  4. clarity on where information is stored / country sent to / consent for it to leave the EU;
  5. method for removing incorrect information or removing all information and how that takes place (for example someone who has their name removed still has a record somewhere with baptismal date info etc.);
  6. method for missionaries to remove data from area books when someone has asked for them not to come back - those area books are a good resource but if someone has said they aren't interested we try again many times over. Change of missionaries increase the chance of a call back on an old area book record where someone has said don't come back.
Most organisations I know and certainly the ones I'm involved with have had this published for a few months now and have planned to change procedures so it will be good to see the church leading on this.

GDPR

Posted: Thu May 31, 2018 9:58 am
by johnshaw
This board just doesn't seem like the place for this conversation. I realize you are looking out for the church in your concern but this board is really just Members of the church helping each other... I'd suggest you take this up wtih the Area Presidency through priesthood channels, or you can use the contact information in the URL below. https://www.lds.org/legal/privacy?lang=eng&_r=1

Re: GDPR

Posted: Fri Jun 01, 2018 11:38 am
by lajackson
The previous post by johnshaw responds to a post that was not approved by the moderators because it contained specific information that is not on topic for the Forum. With regard to this topic:

The Church is aware of GDPR and many things are happening behind the scenes with regard to the privacy of member data and this specific new EU rule, along with other privacy laws and requirements around the world.

These matters are more appropriately discussed with priesthood leaders, who will elevate any concerns as needed. For example, in the Forum you often see a reply that simply says to speak with your bishop or stake president. The stake president meets regularly with the other stake presidents and the mission president in a coordinating council meeting conducted by an area seventy or the area presidency. This is where these important matters can be coordinated in accordance with Church policy and procedures. These are not usually technical matters that can be resolved here at the Forum.

Of course, we all have a responsibility to keep membership and financial information private according to the procedures in the Handbook and other Church policy documents. When there is a concern about something we may observe, it is certainly appropriate to take these concerns confidentially to our priesthood leaders, who will act on them or elevate them to a level of responsibility where any concerns may be resolved.

Because this is a public forum, discussions here should be of a general nature without specifics, and with the aim of providing suggestions and ideas to other clerks and leaders to help them successfully fulfill their callings.

I believe there is much information of value and that there are still suggestions to be shared that will benefit us all.