Privacy Statement

Please post questions in
The Upper Room's
"Parish Web Development" forum

Web Weaving Kit for parishes of the Archdiocese of Denver

A "Privacy Statement" is a disclosure notice about the types of information your site collects from visitors and what you will do with that information.

If you read the newspapers, you've probably come across stories regarding the Internet and threats to personal privacy. Dry reading to be sure.

But the personal privacy issues that the Internet has introduced are real, and each day Internet users -- Catholic parishioners included -- are caring a little more these issues. It's a good idea for any every parish site developer to become familiar with privacy issues and make some decisions about how your parish will deal with and information you collect.

After you've thought through these issues, you should consider posting a link to a "Privacy Statement" in a consistent place on your page. This page offers you a simple privacy statement that can be adapted to meet your needs.

Most Internet users don't sweat through the night wondering if their privacy is being compromised online.

You may be surprised, however, by some of the information gathering opportunities web-site operators enjoy.

For example, did you know that a typical browser reveals to the site administrator users' e-mail addresses, computers and operating systems, browser types and version numbers, geographical locations, and the previous web site visited? That means such information can be collected before the user clicks a single link on the site.

What's more, by placing "cookies" on your computer, alliances of web sites can actually track your shopping patterns across the Internet. Netscape defines cookies as "a general mechanism which server-side connections (such as CGI scripts) can use to both share and retrieve information on the client side of the connection." Cookies can be very useful, because a site such as Amazon.com can virtually "remember" the types of purchases you make and offer you special deals on similar merchandise.

However, consider what might happen if this information is shared with other organizations that have different information about you. For example, a web site may know your e-mail address, the type of merchandise you like to buy and the types of sites you visit. What if it merges with a direct-mail company that knows your e-mail address, your name, mailing address and more.

Suddenly, one organization, or an alliance of "parnters," know more about you than you ever intended when you visited the web site.

That may not stress you out, but some people are concerned about it. And the more people understand about what personal information can be collected, the more likely it is they'll want to know what you're collecting.

Nothing, right?

Well, if you don't collect any information from your users, you're probably not making great use of the web. For example, this toolkit suggests two features that directly solicit some information. First, there's the Parish Registration form. You're asking for phone numbers, mailing address, all sorts of things. Second, there's the online newsletter. You may just be collecting e-mail addresses here, although you may wish to know more about your subscribers.

These are entirely appropriate uses of this new technology -- if you use the collected information for stated reasons.

Here's an example of how you could quite innocently alienate parishioners:

Suppose you have a "Prayer Intention" form on your site, through which people are invited to submit special intentions for upcoming liturgies. You require an e-mail address to make sure one person isn't submitting seven prayers each week.

Well, Father Bigplans and the parish council have decided to launch a campaign to raise $2 million for a school addition. Every parishioner will be invited to help -- and the plan is to do it by e-mail. (You can see where this is going.) The volunteer who manages the parish list decides to add all those e-mails from prayer intentions into the mix, and suddenly, Mr. Leavemealone accuses you of spamming him.

Spam? It's not just canned meat anymore. In 'Net-speak, spamming is when people send out mass e-mailings in hopes that a small percentage will respond. It's considered bad manners.

Again, the point here is not that asking for campaign money through an e-mail list is bad. Just remember to give people what they're expecting when you collect their information. If you offer a newsletter in exchange for an e-mail, deliver only a newsletter. Or, if you must, deliver a newsletter that asks them if they'd be willing to receive more stuff from you.

This is where a Privacy Statement can be very helpful. It doesn't have to be too fancy either. The most important thing a privacy statement does is maintain a high level of trust with your visitors.

There are a lot of opinions on what's adequate in a privacy statement. According to the the Federal Trade Commission's 1997 Internet privacy guidelines, a privacy policy on a web site should do the following: a) notify users before collecting data, b) give users an "opt-out" option, meaning site visitors should be given the option of revealing no personal information if they choose c) allow users access to personal information for the purpose of correcting it d) ensure that the data is secure, and, e) obtain consent before sharing the data with others.

Privacy policies are becoming standard on large e-commerce site. However, the Electronic Privacy Information Center's "Surfers Beware3" study, completed at the beginning of 2000, noted that 18 of the 100 most frequented shopping sites had no privacy policy at all. The study concluded that many of the policies available were "typically confusing, incomplete, and inconsistent."

Need help figuring out the contents of a privacy policy your site should include? Check out these links. One of them -- Microsoft's bCentral -- actually builds a statement for you based on your answers to a set of questions.


©Gregory L. Kail/Archdiocese of Denver, 2001 303.715.3123