By Steven Robinson
How to manage privacy and social media risk for religious and non-profit entities
One can’t browse a news site without seeing a story about cyber-crime. From website intrusions and social engineering scams, to political “hactivism” and electronic theft, these incidents have become commonplace. The unauthorized release of private information is a threat which even the most profitable businesses are facing.
So, what happens when the business isn’t in the business of profit? Unfortunately, churches aren’t insulated from
these risks.
Vulnerabilities
Non-profit entities are vulnerable to the theft of laptops, mobile storage devices, servers and smart phones.
Hacking incidents have made recent headlines, as have phishing, social engineering and malware infiltration. Consider the following scenarios:
- The resources spent on internet security are rendered useless because the information now rests in the hands of a document disposal company.
- A staff member sends benefits information for employees to the wrong email list.
- A laptop containing health information is stolen from a pastor’s car.
Churches hold sensitive giving records — bank information, credit card data and background checks. What happens when that privacy is breached?
Consider “cyber” insurance
A rapidly growing element of comprehensive church risk management programs is Cyber, Privacy and Network Security Liability Insurance. Through physical files, networks, laptops, mobile devices and websites, there are access points and areas of risk for churches that traditional insurance policies don’t address. Organizations which people trust and support can also be prime targets for those who wish to profit at the expense of their goodwill.
A unique relationship exists between a church and its members, and there’s a responsibility to ensure that private information remains confidential. A properly structured Cyber Liability insurance program — including the coverage outlined below — is critical.
Privacy Breach Coverage addresses claims against an organization for the unauthorized release of the private information of its members / parishioners, volunteers
and employees.
The expense of notifying members or employees that personal information has been exposed can be among the costliest for organizations. Remediation expenses can also include member notification costs and legal advice to ensure compliance with various state privacy laws. IT forensics expenses can run as high as $600 per hour. Credit monitoring, call center hotlines and public relations assistance are additional expenses to consider. Costs have been estimated at $59 per record.
Increased focus must also be given to Online
Copyright and Media Liability exposures. Through live streaming of church services or copyright infringement of music or videos, our access to media opens the door to legal exposures. Today’s churches often neglect to take proper measures for securing permission for copyrighted brands. A study by charity DYNAMICS and Nonprofit
Technology Network (NTEN) found that 35 percent of donors visited their favorite charity’s website a “few times a year” to “daily.” Additionally, 22 percent of donors commented on their Facebook page, and 16 percent received a Tweet from the charity.
As social media plays an increased role, new avenues are created for libel, slander and defamation. The standard General Liability policies for churches contain specific exclusions for personal injury when conducted in an online environment.
Network Security covers liability when a network under the organization’s control is responsible for introducing a virus, malware or other harmful code to others. With mobility and convenience comes increased security risk; a church might be unaware for weeks that its network has been attacked. A lack of knowledge, though, doesn’t absolve the organization from the liability.
An area of opportunity
Churches represent many of the most significant risk categories that Cyber policies address. From the nature and volume of information they hold, to the accessibility of the data, Cyber insurance coverage is critical to protect members, employees, volunteers, the church’s reputation and its financial health. It’s important to select a broker who understands this and can provide appropriate protection.
Steven Robinson is Area President of RPS Technology & Cyber, a division of Arthur J. Gallagher & Co., which works closely with the company’s Global Religious Practice. He is based in Cambridge, MD.
