AT INVESTIGATION: Is eAdventist Safe?
by Laura Leeson | 9 December 2022 |
In a world where identity theft and data mismanagement is rampant, knowing who has our information and why is an ongoing concern. While it is twenty years old, many of us became aware of eAdventist through Brian Ford’s talk at the North American Division year end meetings a month ago.
The presentation raised questions of privacy and process. Adventist Today went in search of answers: who has the data, what data do they have, how can it be used, and how does eAdventist conform to existing laws?
History
When eAdventist was developed in 2002 as a means to store, manage, and utilize church records, the world was only beginning to comprehend the ramifications of the internet on a person’s privacy. There were no Canadian or American privacy laws yet. “We didn’t wait for privacy law,” recounted Brian Ford, creator and administrator of eAdventist. “We have always advocated for all who use eAdventist to follow privacy principles even if there are no privacy laws in place or the existing laws don’t apply to non-profits yet.”
The creators of eAdventist based their new database on the Australian Privacy Principles. These thirteen principles outline transparent management of personal information by how the information is collected and used, and by whom. It further stipulates the information collected must be stored safely and that the individual has a right to see and correct their own data. It may surprise you that the “land of the free” has not set a federal right to privacy law; however, in 2020, California’s Consumer Privacy Act (CCPA) set the bar for higher protections to the online world of consumer databases. In 2023, the new California Rights Privacy Act (CRPA) will extend those protections.
The CCPA says Californian consumers have the right to know what data is being collected, in some cases to have that data deleted, to opt out of the sale of their information, and to not be discriminated against for using their rights under the law.
So, how does eAdventist measure up? While the new laws in California do not apply to non-profit organizations, Adventist Today has looked into how eAdventist works and what you need to know.
Data Collection
Like most of us, I thought what little my church knew about me was stored in a dusty filing cabinet somewhere. I certainly didn’t think too hard about how Adventist Journey and Review kept up with me after three moves in four years.
It turns out my information was regularly updated on eAdventist after every move and transfer. Local church clerks who choose not to use eAdventist send paper copies of records to the conference, where they are faithfully entered into the database.
In a conversation with Brian Ford, I learned the database has stored my name, address, church membership and transfers, my email address and phone number, baptismal records, and knew who my Adventist family members were. It also had the potential to record my marital status, race, language, and occupation.
All members, whether the local church is using the database or member app directly or not, have the right to see and correct their data. A request for this data can be made to your local church clerk or pastor, and they can have a read-only file emailed to you. You can submit any corrections to your information.
Who Has Access?
A privacy policy for eAdventist was voted on by the Union executive secretaries in 2004. This policy states the data collected and stored belongs to the local church and conference. For a non-conference entity—for example, Union-level publications—authorization must be requested on official letterhead and approved by the executive secretary of the conference. While not a voted policy, one of the principles eAdventist promotes is the gathering of data through legal means—information members give to the church voluntarily.
Local church employees, pastors and clerks, only have access to the members’ records of their own church in the database. Conference employees only have access to their conference churches, and that access is limited to the employee’s role within the conference requiring use of member data. For example, the employee tasked with creating and maintaining users for a church not using the database would have access to the records they were inputting. Should you have received a Christmas catalog from your local Adventist Book Center (ABC), the conference secretary sent the mailing information to the ABC. The secretary would only have sent the name and addresses pertinent for creating labels. The conference can also choose to share some of this information with union or division personnel, such as those who mail out Adventist Journey and the union paper, such as Gleaner or Outlook magazines.
Through the MyEAdventist app, or by request to your local pastor or church clerk, you can have more control over who sees and uses your data. You can choose to have your address, phone numbers, and email addresses “unlisted” in the directory function of the database.
Data in the Past
“In the olden days, we didn’t have to worry about all this,” I hear you say. Back then it was common practice for the union, which compiled its own lists separate from membership records, to sell the data they collected to other approved Adventist organizations.
This would fund the union paper and the costs of mailing it out. The other Adventist organizations would, in turn, have a larger mailing list from which to fundraise. The membership was none the wiser.
Now there are additional safeguards in place. With the digital world come more opportunities for opting in or out. More importantly, the discussion on privacy insists on transparency. If the new California laws applied to non-profits, each member on a mailing list would have to “opt in” to their information’s being sold to other organizations or used in a way which isn’t a benefit of being a member of the Seventh-day Adventist church. As one day these laws will extend to non-profits, the eAdventist team strongly recommends all conferences treat the data they’ve collected with the utmost respect.
It should also be noted that eAdventist is not a new technology. Since 2008, every conference in the North American Division has used eAdventist. In 2012, the General Conference (GC) started the development of similar software for the use of the global church. At that time, the GC also created the Office of Adventist Membership Software.
Opting-Out and Deletion of Records
Ford said some have asked if CCPA includes the right not to be tracked. It doesn’t. He compared church membership to banking records. A person can ask to see their information and ask to have it corrected, but it cannot be “forgotten.”
However, a person can opt out of having their information shared or used for the purposes of promotional mailings. If you choose to opt out of the conference’s sharing your information with the union or ABC, contact your church clerk or pastor. They will be able to verify your identity and forward your request to the conference.
Data and the Future
Many of the North American Division delegates at the year-end meetings were glad for the opportunity to discuss privacy and data collection. Those from the Southern Union requested legal counsel be brought into the discussion. To this end, one of the new team members at the Office of General Counsel has expertise in privacy law and will be brought into the eAdventist discussion, especially as more states adopt consumer privacy and data laws.
Digitalization is becoming the way of the future. While everyone is advocating caution as we move forward, some delegates suggested connecting eAdventist and Adventist Giving. This change would generate more transparency for churches, members, and conferences. However, this will be a long time in coming, if, indeed, it ever comes. The first challenge is technical: merging two unique platforms is not easy without interrupting their services. The second is personal: for such a merger to take place, eAdventist would have to win the trust of the members as a safe place to store financial information. Coming together to reason with one another is an important first step towards building much needed trust on both sides of the discussion.
The eAdventist team welcomes questions and concerns about privacy or data use. They can be reached at: help@eadventist.net
Suggestions
As we conclude this investigation, we would like to see church judicatories study informed consent as they utilize this tool.
- Members should be made aware what data their conference is collecting and why.
- The opt-in and opt-out features should be readily available to every member without the red-tape of church clerks or conference employees.
- While we understand conference verification theoretically limits hacking, it may not be worth the cost of the hassle of multiple parties’ being involved, especially in a local church not currently using eAdventist.
Could eAdventist data be misused? Absolutely—as all data can be. Data collection, even by the church, is a genie which can’t be put back in the bottle. However, we feel, under the circumstances, that eAdventist is a minimal risk.
Laura Leeson is a recently retired teacher who has taught every grade from K-12. She works as an investigative journalist for Adventist Today.