SUPPLEMENTAL MATERIALS FOR THE PANEL DISCUSSION, “FROM TEXTING TO TWITTER: KNOW YOUR RISKS” Tuesday, July 15, 2014 | 3:45 p.m. – 5:30 p.m. 2014 NACBA Conference | Orlando, FL
m
a
g
a
z
i
n
e
MEET OUR ESTEEMED PANEL
4
SOCIAL MEDIA USE POSES REAL-WORLD RISKS
8
“From Texting to Twitter: Know Your Risks” — A panel discussion presented by Church Executive Magazine at NACBA 2014
9 factors to consider (and mitigate) now to avoid disaster later By Robert Erven Brown, Esq. In his novel Brave New World, Aldous Huxley welcomed the reader into an environment where old concepts of reality have been replaced by profound technological changes. Writing in 1932, he anticipated developments in reproductive technology, sleep-learning, psychological manipulation and classical conditioning, which he forecast as a dystopian society. But, even Huxley didn’t anticipate how an inner-connected, digitized world would recast our perception of — and participation in — society. As church leaders wade into the new digital ocean, they’ve discovered that the new reality facing them in 2014 is quite literally a perfect storm of change.
ESTABLISHING GUIDELINES FOR ELECTRONIC COMMUNICATIONS
10
ARE YOU TRULY COVERED ONLINE?
14
PROTECTING YOUTH
16
SHOULD YOUR MINISTRY “FRIEND” JOB CANDIDATES ON FACEBOOK?
20
By Emilie M. Pierschalla and Edward A. Steele, CSP Before diving into a Facebook page or Twitter account, or beginning a text message campaign, experts recommend establishing an all-encompassing Social and Digital Media Code of Conduct to help ensure appropriate electronic communications.
10 14
How to review your insurance policy for social media risk coverage compliance By Steven Robinson As churches continue to use tools such as social media, streaming video and other techniques to enhance their missions, it’s important for administrators to examine not only the benefits, but also the risks — and to make sure their churches’ insurance is keeping pace with this ever-changing risk landscape.
How to develop an adult electronic communication policy By Crispin Ketelhut As organizations who work with youth, church executives no longer need to ask themselves if they should enter into the electronic medium of conversation, but rather, how do they appropriately and safely engage others? The real issue concerns organizational and individual transparency as it relates to the establishment and continued maintenance of boundaries for meaningful electronic communication. Some churches already have an adult electronic communication policy in place, while others haven’t yet integrated them into their code of conduct documents. Regardless, this article contains some important items to remember.
By Dan Watson Many employers know that the fastest way to learn about job applicants is to Google their names and see what pops up on social media sites such as Facebook, LinkedIn or Twitter. While social media might be an excellent source of information, you should be aware of the legal and ethical issues involved in using social media to screen your staff.
2 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
22
“Like” us on ChurchExecutiveMagazine “Follow” us on @ChurchExecutive
BRING-YOUR-OWN-DEVICE POLICIES
22
CASE STUDY: MEGACHURCH POLICY REVIEW
26
SAMPLE CODE OF CONDUCT
28
SAMPLE SOCIAL MEDIA POLICY
31
SAMPLE SOCIAL MEDIA POLICY
33
Key considerations for developing one at your own church By Robert Erven Brown, Esq. If you’re going to allow people to bring their own devices into your church, it’s important that each individual acknowledges a key tenet: It might be his or her device, but it’s your church’s data that’s being exposed to hackers and thieves. Always remember that if an app is free, then your church (and its data) is the product. Several mundane — yet critically important — organizational disciplines impact the effectiveness of our churches’ bring-your-own-device (BYOD) policies and procedures.
26
Just because a church is big, doesn’t mean its cyber risks are covered By Steven Robinson Particularly among rapidly growing churches whose growth and outreach have been fueled largely by the effective use of media in various forms — across many platforms — insurance coverage has not kept pace. This article spotlights a few examples of this shortfall contained in one megachurch’s policies. These examples will help your own church take a more informed look at its coverage related to privacy and communications in today’s electronic environment.
Co-written by Crispin Ketelhut, Virtus Online (a program and service of The National Catholic Risk Retention Group, Inc.)
16
SUMMIT CHURCH (Orlando, FL) Excerpted from Summit Church’s Employee Handbook
Provided courtesy of Brotherhood Mutual Insurance Company
20
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 3
“FROM TEXTING TO TWITT
A Panel Discussion presented by Churc
Tuesday, July 15, 2014 | 3:45 p.m. - 5:30 p.m Social media is rapidly changing how churches communicate. While texting and Tweeting have their purposes, they can also cause major challenges for your church. Learn how to recognize potential social media hazards before they become catastrophic. Please join us at the National Association of Church Business Administration (NACBA) Annual Conference in Orlando, FL on Tuesday, July 15, 2014 from 3:45 – 5:30 p.m. at the Gaylord Palms. Our panel of trusted experts in marketing, legal, insurance, risk management and megachurch social media will share their best practices and insights. All attendees receive a complimentary social media “starter kit.” For details, please visit: churchexecutive. com/archives/nacba.
4 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
TER: KNOW YOUR RISKS”
ch Executive Magazine at NACBA 2014
m. | 2014 NACBA Conference | Orlando, FL
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 5
OUR ESTEE MODERATOR
Robert Erven Brown, Esq. A frequent presenter at local NACBA Chapter meetings, Brown is the developer and Coordinator of the Nonprofit Practice Group of attorneys at the Phoenix law firm of Ridenour Hienton, P.L.L.C. This practice group provides a full range of legal services for numerous church and para-church organizations, both in and out of Arizona. He also conducts informative seminars and practical workshops for corporate boards on a variety of governance topics. Brown and his team created a comprehensive program (Campus Preservation Planning©) to protect churches’ critical assets against hostile actions by creditors arising from under-insured, uninsured or unjust claims, while improving risk management and stewardship. He wrote Legal Realities: Silent Threats to Ministries — a copy of which was included as a complimentary gift in your conference materials. Brown is a risk management / legal blogger for Church Executive Magazine. Crispin Ketelhut Ketelhut is the Associate Director of the VIRTUS® Programs, NCS Risk Services, LLC. Before joining VIRTUS, she was a Program and Training Specialist in the Virginia Diocese of Arlington’s Office of Child Protection, as well as employed at the parish level, where she became familiar with child and youth protection policies from the ground up. Crispin has presented the Protecting God’s Children program to several thousand participants. She has also trained and managed a diocesan team of facilitators through multiple Train the Trainer sessions, and continues to train administrators, trainers and facilitators around the country for the VIRTUS Programs. Crispin also develops and edits much of the training content for the VIRTUS Programs. Crispin graduated Magna Cum Laude and received additional degree Honors with an Administration of Justice degree from George Mason University, in Fairfax, VA. She has written and co-written several risk management-focused resources and training content. Kristy-Lee Lawley After working five years in the local news industry, Lawley became the Communications Director of Summit Church in Orlando, FL. Over the past eight years, she has seen Summit grow from a one-campus church with about 500 congregants to a multi-site church where more than 4,000 attend each weekend. Lawley has a passion for finding new and exciting ways to deliver pertinent information to her audience. As a communicator and graphic designer, she uses her 13 years of marketing experience to lead Summit’s Communications Department. Each week, her team uses print, web, video and social media to deliver the church’s message in relevant and effective ways. She especially enjoys using social media as a marketing tool, and credits Summit as being one of the first churches in the U.S. to use Twitter and Instagram as a way of communicating to an audience. In her free time, she can be found adventuring at theme parks with her husband, Rob, and their adorable baby girl, Emma-Kate. 6 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
EMED PANEL Patrick Moreland Moreland joined Church Mutual Insurance Company in 1980 and currently serves as vice president — marketing. Moreland earned a bachelor’s degree in business from Marquette University and a Master of Business Administration degree from the University of Wisconsin — Madison. He holds the Chartered Property Casualty Underwriter (CPCU), Certified Insurance Counselor (CIC), and Certified Risk Manager (CRM) insurance designations. He has written dozens of insurance and safety articles that have appeared in various publications in the religious marketplace and has given talks at several government and denominational gatherings.
Peter Persuitti Persuitti comes to his service to the broader religious and nonprofit community after more than 20 years as a leader in the public sector, as well as experience with technology firms. He combines that with five years at Munich Re leading its Public & Nonprofit Practice, and now at Arthur J. Gallagher & Co. for 12 years as Managing Director of its global Religious & Nonprofit Practice. Persuitti leads a full orchestra of nonprofit-focused resources at Gallagher, where more than 24,000 nonprofits are served through a network of specialists within the Gallagher Group of Companies (17,000-plus employees worldwide). Building networks inside the company and throughout the world has helped Persuitti earn the recognition by Risk & Insurance as Power Broker, annually, since 2007. He also has been recognized inside Gallagher with numerous awards for his leadership of the Practice, which today is the largest of its type on the world. He and his wife, Mary Lou, live in Chicago and have two sons.
Brandon M. Smith, JD, CPCU Smith is a Corporate Attorney at Brotherhood Mutual Insurance Company. Since joining the company in 2011, he has assisted ministries with risk management inquiries, including social media concerns, and has helped develop risk management resources that are published on Brotherhood Mutual’s website. Smith also serves as a member of the company’s Privacy-Data Security Team. Smith received his Juris Doctorate from Regent University and is licensed by the Indiana Supreme Court. In 2014, he earned his Commercial Property Casualty Underwriter designation.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 7
IN THIS STARTER KIT, OUR PANEL • Protecting and insuring the mission • Data protection in the “BYOD” (bring your own device) era • Employee rights • Protecting staff from hostile attack • Clarifying, preserving and protecting reasonable privacy expectations • Protecting youth from themselves — and from predators • Using social media as a tool for crisis management, fundraising and promoting your programs
9 factors to consider (and mitigate) now to avoid disaster later BY ROBERT ERVEN BROWN, ESQ.
In his novel Brave New World, Aldous Huxley welcomed the reader into an environment where old concepts of reality have been replaced by profound technological changes. Writing in 1932, he anticipated developments in reproductive technology, sleep-learning, psychological manipulation and classical conditioning, which he forecast as a dystopian society. But, even Huxley didn’t anticipate how an innerconnected, digitized world would recast our perception of — and participation in — society. As church leaders wade into the new digital ocean, they’ve discovered that the new reality facing them in 2014 is a perfect storm of change:
8 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
Factor 1: Everything is being converted from paper into digits — from music to photographs, to interoffice communication, to charitable donations, to the checkbook and bill-paying processes, and now — literally — currency itself, if Bitcoins have their way. Factor 2: Once digitized, this information is uploaded to a “cloud.” And what an apt, if unintended, analogy / description this word, “cloud,” is. As information is transferred from a server previously located on your own property, all this information is now moved to an ephemeral, untraceable, mysterious location. Your information is as movable as the wisp of a cumulus cloud on a windy day. This cloud full of information can turn
OF EXPERTS SHARE INSIGHTS ABOUT: your bright, sunny day — rapidly — into a crippling thunderstorm with corruption, theft or loss of data stored in what you thought was a friendly cumulus cloud. Factor 3: Your members and staff are now bringing their own devices into the party. These range from cell phones, to iPads, to iPods. This “BYOD” (bring your own device) party makes it difficult, (if not impossible) for the IT staff to stay up-to-date on the latest iterations these devices. Factor 4: Many of your members and / or staff seem prone to exercise a certain selfrighteous independence and intolerance for discipline regarding their passwords. This is evident as they set their own passwords (or don’t, as the case might be), and as they fail to use sufficiently strong passwords because it’s just too “inconvenient.” And, they are often very unhappy about your IT department’s attempts to control the use of these devices in their homes, let alone in Starbucks! Factor 5: Highly motivated, technologically savvy teams of competitors, thieves, spies and data brokers. They’re on a 24-hour-a-day campaign to monitor, sample, steal and resell your data. Factor 6: The legal system and the legislatures. Both are behind the technological curve in attempting to develop legal precedents and rules to adequately govern the spiraling technology. The hackers have superior skills and equipment compared to most police agencies, let alone your church IT department. Factor 7: Insurance. We have an evolving, but spotty and complex, insurance overlay to cover damages when disaster does strike. Factor 8: The costs of responding to a major data breach. These costs easily achieve six figures, not including the cost to the reputation of your ministry and donors’ trust. Factor 9: Potential civil and criminal penalties. These can apply if you lose data which was supposed to be protected by the “red flag” rules governing credit cards. And, voilà! There you have it: a perfect storm. Oh, and did I mention — unlike the tightly controlled “apps” which Apple developed — the new Android “apps” are available from multiple sources, and the “APK” apps can be side-loaded. This means they can be transferred from phone to phone. So, now your coworkers can share their new version of Angry Birds in Korean with other coworkers, phone to phone!
(Nevermind that the Korean version actually might have been written by North Koreans seeking control of your device.) That 100,000-foot view of the emerging transformation from paper to digital storage is a confirmation, of course, that while the sharp axe cuts more wheat, it can also sever several fingers with a single blow. In this Starter Kit, our panel of experts will help you develop real-time, real-world perspectives from which you can either develop or update your processes for managing this very, very sharp, morphing (digital) axe! Unfortunately, it’s not as simple as just copying one of our “sample” policies contained within these pages. Rather, our goal is to help you develop a paradigm for thinking through the ongoing processes and develop a mindset to help you deal with this digital onslaught. This includes: • Defining and cataloging your specific risks • Finding and employing knowledgeable IT resources • Drafting and testing policies and procedures which work well in your specific environment by balancing user experience, convenience and data security • Testing your system • Enforcing your rules • Periodically reviewing and revising the rules, policies and procedures in light of the continually improving technologies. This Starter Kit isn’t a collection of “fire-andforget” missiles. Rather, it’s like a sourdough yeast “starter” for making bread: You can make a fine loaf, but only if you follow the recipe. And, like baking bread, the best results occur when the data security “bakery” is operated continually, not just once a year. The universe of political social / media / digital concerns continues to expand as human ingenuity and creativity continue to develop new programs. CE Robert Erven Brown, Esq., is the developer and Coordinator of the Nonprofit Practice Group of attorneys at the Phoenix law firm of Ridenour Hienton, P.L.L.C. Brown and his team created a comprehensive program (Campus Preservation Planning©) to protect churches’ critical assets against hostile actions by creditors arising from underinsured, uninsured or unjust claims, while improving risk management and stewardship. He is the author of Legal Realities: Silent Threats to Ministries and a risk management / legal blogger for Church Executive Magazine.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 9
BY EMILIE M. PIERSCHALLA AND EDWARD A. STEELE, CSP
According to a national survey conducted in 2012 by a Christian-based digital advertising agency, 46 percent of religious organizations say social media is their most effective method of outreach. The same survey found that 51 percent of congregations have at least one senior staff member who regularly blogs or updates social media. “Our organization has been using social media for three years now,” says Martin Rathjen, minister of faith formation and communication at Immanuel Lutheran Church in Eden Prairie, MN. “Initially, it was seen as another way to connect with our youth; but now, we’re using it to reach all age groups because of the significant
10 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
volume of people using social media tools.” Before diving into a Facebook page or Twitter account or beginning a text message campaign, Meredith Gould, Ph.D., a digital strategist and communications consultant for mission-based organizations, recommends establishing an allencompassing Social and Digital Media Code of Conduct to help ensure appropriate electronic communications. “The Code of Conduct must clearly communicate all social media policies, expectations and rules of use,” Gould emphasizes. “This written agreement
should be reviewed and signed by all staff and volunteers, ensuring they understand your expectations and there are no misunderstandings.”
Social and digital media managers An important part of any Social and Digital Media Code of Conduct is a section identifying the responsibilities of the users and who the users will be. “The first responsibility of any social media manager should be to develop and oversee a strategic plan for how social and digital media communication tools will integrate with existing traditional communications
plans,” Gould says. Digital media managers also are usually responsible for developing and posting content, monitoring the online conversation and engaging in conversation. Additionally, they need to react quickly to neutralize any negative responses. Finally, they should be good teachers to help train other staff members. “If a mission-based organization has a clearly articulated strategy, message and use policy, I recommend senior management designate more than one person to manage the social and digital media >>
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 11
presence,” Gould advises. “However, if an organization doesn’t have set guidelines or a strategy, I advise only one social media account manager.”
Privacy settings and disclaimers Religious organizations should understand that each social and digital media tool reaches varying audiences and offers different privacy settings and terms of use. The Social and Digital Media Code of Conduct should clearly define what privacy settings are appropriate and what disclaimers should be used for each online channel. Facebook is currently the primary tool Gould recommends for mission-based organizations because it allows users to create varying degrees of privacy and permission settings, ranging from age restrictions and profanity block, to private groups. Twitter, YouTube and blogs offer privacy options, as well. Immanuel Lutheran Church opts to use Facebook, Twitter, YouTube and Vimeo. “We have one account on each social media outlet for our organization,” Rathjen says. “That account serves our entire congregation, including children’s, youth and adult programs. But, we have private subgroups within our page for various age groups.” Other settings also can make it easier to control the conversation on Facebook. “We have the Cape First Church page settings to allow fans to comment on the page, but they can’t post videos or photos,” says Amanda Starks, media coordinator at Cape First Church in Cape Girardeau, MO. “Also, we have a disclaimer on the pastor’s Facebook page to make sure fans understand that the views of commenters aren’t necessarily those of the pastor.” To ensure full protection, religious organizations are advised to have legal counsel review their social media disclaimers.
Communicating with minors Since younger congregation members are some of the most active on social and digital media platforms, it’s crucial that the Social and Digital Media Code of Conduct clearly outline policies specific to interaction with minors. • Staff and volunteers should not have any one-on one, private contact with minors through any electronic communication vehicles, including (but not limited to) email, text messages, instant messaging or Facebook. • Any electronic communication between an employee / volunteer and a minor must take place in a public environment, such as the wall of a Facebook page. • If there’s ever a case when one-on-one communication with a minor is necessary, another adult from the organization should be copied in the correspondence.
12 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
• Let the parents of minors know what your social and digital media policy is. Suggest that parents monitor social and digital media to help mitigate any inappropriate behavior. Although church employees and volunteers have many responsibilities, a very important part is to protect minors. That includes protecting them from inappropriate online or digital relationships and interactions.
Social media crisis communication plans The Social and Digital Media Code of Conduct should include a crisis communications plan specific to social media situations. Gould suggests that leadership create such a plan by thinking through all the possible negative or crisis social media scenarios. Examples of scenarios could include someone who posts an inappropriate comment on the organization’s wall or a social media manager who accidentally posts personal information on the organization’s account. Once you have a list of all the possible crises, those creating the plan should answer the following questions: 1) Who is the first responder? Staff should understand who to contact in the event of an online crisis situation, and how / when it’s appropriate to contact them. 2) Should the response be public? Most social media issues will start on a public forum. Sometimes an organization can reply to negative comments publicly. Oftentimes, it’s best to move negative conversations offline to avoid having them escalate. This can be done by publicly asking the commenter for a personal email address or telephone number. It’s important to remember to respond in some way and not ignore the negative comment. 3) Who should be the spokesperson? Regardless of the size of the crisis, there should be a designated spokesperson for the organization to keep all external messages consistent. This could be the social media manager, the communications manager, the minister or someone else. It should be someone who understands the social media tools and is able to speak articulately under pressure. 4) Who do you need to communicate to about the crisis? Depending on the situation, different audiences will need to be informed. It could be the congregation, only parents of minors, only users of a particular social media tool or another subgroup. If it’s a significant situation, the local community or media might need to be informed. 5) What tool(s) should be used to communicate information to your primary audiences? You might decide communicating on the original social media platform is the only response necessary. For a larger situation, communication via more traditional tools — such as email, written letters or telephone calls — also might be necessary. Online communication risks can’t be eliminated completely. However, understanding and assessing the risks, and then developing and implementing a comprehensive Social and Digital Media Code of Conduct, will help religious organizations mitigate the risks and reap the benefits. CE Emilie M. Pierschalla is a former editor at Church Mutual Insurance Company in Merrill, WI. Edward A. Steele, CSP is Risk Control Manager for the company.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 13
ARE YOU How to review your insurance policy for social media risk coverage compliance
BY STEVEN ROBINSON
Today, churches of all sizes are increasingly relying on various forms of new media to connect with their members and donors, not to mention for outreach efforts. Perhaps no two mistrial areas have benefited greater than worship and youth, where the words, images and social interactions work together to form more visceral connections. As churches continue to use tools such as social media, streaming video and other techniques to enhance their missions, it’s important for administrators to examine not only the benefits, but also the risks — and to make sure their churches’ insurance is keeping pace with this ever-changing risk landscape. Here, we offer a few suggestions about what to look for when reviewing your insurance policy for social and other media risks.
First, a few words about risk Most churches don’t have the proper policies and procedures for policing content across their entire website and social media footprint. Perhaps the primary church website is reviewed regularly, but what about the “spin-off” sites developed by various ministries throughout the church? Posts across these channels can lead to everything from breaches of a person’s right to privacy (think: communication about a recovery group meeting that identifies specific individuals either via invite, “like” or otherwise), to personal injury (think: unkind posts on Facebook from one student about another student within a youth group), to infringement of intellectual property
14 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
rights (think: use of a popular worship song playing in the background of a video promoting an upcoming sermon series). When it comes to risk transfer in this area, traditional insurance policies haven’t kept pace. Breach of privacy is one example of a risk that’s not adequately contemplated in traditional policies. For instance, there’s often a requirement for “publication” of material that violates a person’s right to privacy in a commercial general liability (CGL) policy. Is a comment from an outsider on a church’s Twitter feed considered “publication,” — which, by the way, is typically an undefined term in the insurance policy? Insurance Services Office (ISO) issues the most widely used policy wording that become industry standard for insurance companies to adopt. ISO recently made it very clear (May 2014) with the introduction of several exclusions, further illustrating their intent not to cover these types of risks. Check your policy in the “Personal and Advertising Injury” section of the CGL. If you see wording such as this, beware. Typically, you will find exclusions in commercial general liability policies for personal injury that takes place in electronic environments, with specific wording that identifies “electronic bulletin boards” and “chat rooms” as excluded areas. This effectively eliminates coverage for any libel, slander and
defamation in a social media or blog environment. Not good! CGL policies are also widely known to carry exclusions for violations of copyright and trademark. This coverage gap becomes critical as photographs, artwork, video, music and lyrics form essential elements in communicating a church’s message. It’s bad enough to use these things without permission on a screen in front of 300 people on a Sunday — but posting them on a website for the world to see takes the risk to a whole different level. Typically, the violations are inadvertent; however, the penalties can be no less severe. Churches need a properly constructed cyber risk policy to contemplate the risks mentioned above. In the media / website liability sections of these policies, it’s important to look for broad definitions of “covered media” and “media activities.” Make sure “covered media” isn’t limited only to your website, but also extend to websites you might not “own,” but where you
manage content — social media sites, for instance. For churches whose media footprint is more diverse (including live streaming of services and the publishing of extensive written works that might include advertisements), a complete media liability policy that dovetails appropriately with a cyber risk policy might be more appropriate. CE Steven Robinson is Area President, Technology & Cyber, at Risk Placement Services, Inc., an Arthur J. Gallagher & Co. division, in Cambridge, MD.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 15
How to develop an adult electronic communication policy BY CRISPIN KETELHUT
There has been a momentous shift in communication in our society in recent years. We have traded in-person, face-to-face relational interaction for a virtual and technologically advanced world of electronic exchange. Contrary to the thoughts of some, we are not in the midst of a “cultural fad.” This virtual world has become a foundational, cultural reality that is here to stay, and technology will only continue to advance before our eyes. The question that is often asked is if the organization will or will not participate in this online conversation. If we do not enter into this realm and learn how to use its assets, we will have lost the opportunity to engage the contemporary culture in the new agora. Moreover, we would be doing a great disservice to our ministries and to the people we serve — particularly our youth. There is no disputing how powerful social media or electronic messaging can be. It has increased educational opportunities; provided the capability to communicate with practically anyone anywhere in the world, at any time; it has changed the face of business and marketing — the list is quite extensive. Therefore, as organizations who work with youth, a better question is not whether we should enter into this electronic medium of conversation, but rather, how do we appropriately and safely engage others? The real issue concerns organizational and individual transparency as it relates to the establishment and continued maintenance of boundaries for meaningful electronic communication. Some of you might already have an adult electronic communication policy at your locations, while others may not yet have integrated them into your code of conduct documents. Whether or not you already have one of these policies in place, the following are some important items to remember. It has been a long-held philosophy of The National Catholic Risk Retention Group, Inc., and NCS Risk Services, LLC, that access to any ministry should be supervised administratively through proper screening and clear policies. Every organization that has a relationship with youth should adopt an organization-wide policy that requires professionalism, and espouses the virtues
16 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
of prudence and transparency through a marriage of ministry and safety. From the ministerial perspective, there must be a proper framework in which all individuals can thrive. Through transparency and the establishment of boundaries, an organization may freely evangelize and deliver the message that has been entrusted to that organization for others. One of the challenges with regulating access to electronic communication is that one may never know the true identity of the other person with whom one is interacting. Another concern is the intrinsically isolated nature of the communication and the fact that the “contact” is usually outside of the sight and hearing of others. Seemingly innocuous conversation about school or ministry between the organization’s staff or volunteer member and a minor can easily move to conversations of a more intimate nature. This direct access makes it easier for a potential threat to interact with children in ways and places that used to be considered private, such as the home. At its very core, electric communication provides the opportunity for the potential predator to enter our private realms without restriction, and breach our physical walls that traditionally have been the first line of defense.
Practical questions to consider Do all adults take advantage of the rules or the vulnerabilities of others? No, of course not. Do some adults feel that they are above the rules? Sure, we see that people often disregard rules when there is little chance of being caught — perhaps most often on the road when people disregard speed limits. Do adults ignore specific rules when it comes to ministry? Not all, but some do. Does that mean that anyone who puts themselves in bad situations, or who does not >>
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 17
follow the rules, is a child abuser who is grooming children? No, not necessarily. So, is there really any harm? If you have good intentions, why are you unable to interact or communicate in the way that you want through the Internet with youth affiliated with your organization? What is the “big deal”? It is important to understand that an adult is always in a position of authority over a child through the very nature of being an adult. This is even truer as an official volunteer or staff member of the organization. It is an elevated role that all adults must respect and acknowledge, particularly through some form of a code of conduct and / or a policy. Not only is there a due diligence concern here, but also even possible issues regarding the adult’s modeling of proper behavior in line with the values of the organization. More important, there is at least one discrete obligation of any organization or adult with ministry or contact with youth: protection. We collectively have a responsibility and privilege to protect youth and children and, as adults, an ethical duty to know and respect proper boundaries. One adult’s indifference for policies and boundaries could be teaching a child to tolerate certain types of inappropriate communication or contact from other adults. Some behaviors actually could condition children and youth to accept behavior from another that they would normally resist. Couple this with the fact that in our society many youth do not understand what boundaries are, and we have a serious issue. Even worse, perpetrators will take advantage of these actions. Thus, adults who interact with youth should exercise extreme care.
Making the private, public The next essential question is this: How do we convert something that is intrinsically private — such as electronic communication — into something transparent within a public forum? The overarching administration of an organization should create and promulgate a written policy that embraces transparency, organically grows to sustain policies for emerging technology and houses a system of checks and balances. It should denote the administrative procedures for submitting a policy violation and the rights and actions that are available for all parties. Having a policy creates accountability for the organization and the individual. Also, the organization should create and distribute a code of conduct with clearly established appropriate and inappropriate behavior. All these procedures should have a signature page to be returned back to the organization and kept on file, that acknowledges
18 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
receipt and that indicates understanding of the material. These types of documents are valuable because they reduce inappropriate behavior by innocent people since they provide a standardized foundation of expected behavior from all adults. Familiarity with them also makes it easier for caring adults to communicate their concerns to the appropriate contact person regarding a warning sign / red flag or inappropriate behavior.
A procedural outline A set of procedures specifically outlining social media use or electronic communication on behalf of adults should encompass, but not be limited to, the following: Definitions and parameters: The overarching organization must create a policy that has accountability for each method of communication, which also means that there should be a lengthy and encompassing set of definitions and parameters. For example, communication facilitated via laptops, smart phones, tablets, gaming consoles and sites, the Internet, including interaction through any type of cell phone, mobile device, email, webcams, social networking sites (Facebook, Vine, Instagram), content-sharing sites, blogs, microblogs (Twitter), etc. Permission: Written permission should be obtained from the parent / guardian to communicate with the adolescent minor(s) electronically or via the main phone of the household. This permission form — signed by the parent / guardian — should include what forms of communication are preferred to contact the children. In the case of young children, only parents should be contacted. There should be additional language denoting that there will be an attempt to call the home’s landline number as much as possible to reach the youth. Record keeping: Copies of all electronic communication must remain on file (either physically or electronically) for an indefinite amount of time at the sponsoring organization. Checks and balances: It should be the policy of the organization to create a public social media account for the adult in public ministry using the name of the organization, along with oversight of more than one non-related person with access to the messages, content and passwords. Additionally, there should be regular accountability checks by another individual. The organization must also provide regular oversight and monitoring processes, and provide a clear natural chain of command in case of issues and concerns. Personal accounts and phones: People within ministry should not use personal email addresses or accounts. Unless an extraordinary circumstance (which should be defined), personal cell phones should not be used to consistently communicate with youth. Additionally, clergy members should always self-identify their clerical role. “Friending” students and private messaging: Parameters should also include the “friending” of
students. No adult should “friend” a student from a personal account unless that person is older than 18 and no longer a “youth” participant. Additionally, if adolescent minors are contacted, parents should receive a copy of the communication. There should be no private, one-onone messaging. Appropriate timeframes: Specify the hours that youth may be contacted. A good rule of thumb involves the hours that one would also be able to call a home’s landline. If one would not call the landline phone to speak to the parent at 9 p.m., then one should not be calling the youth, either.
and children for abuse and setting them up for failure. Seemingly harmless electronic communication might have a devastating long-term impact on children and youth. Becoming more aware, behaving transparently and intervening when behavior seems risky or inappropriate helps protect children and those who genuinely care for them from unsafe or even dangerous situations. The use of an electronic communication policy is not useless, extra paperwork. Rather, it’s an essential tool that can be used to protect our children and youth. CE Crispin Ketelhut is the Associate Director of the VIRTUS® Programs, NCS Risk Services, LLC, in Tulsa, OK.
A joint effort Let us partner together to prevent conditioning youth
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 19
BY DAN WATSON Many employers know that the fastest way to learn about job applicants is to Google their names and see what pops up on social media sites such as Facebook, LinkedIn or Twitter. While social media might be an excellent source of information, you should be aware of the legal and ethical issues involved in using social media to screen your staff.
Take a pass on passwords Most social media users have privacy settings in place that make their Facebook pages viewable to only select people or networks. A hotly debated topic is whether or not current or prospective employers should have access to a job applicant’s Facebook password — and all of the information behind it. While most states allow employers to request job applicants’ social media passwords, demanding access to private social accounts has raised legal questions across the country. Facebook has warned that requesting passwords could open companies to liability for invasion of privacy. In April 2012, Maryland was the first state to make it illegal for a boss to ask applicants or employees for passwords to any social media sites. Illinois followed suit in August 2012, and other states are considering similar bans. The law does permit employers to seek an applicant or employee’s user name to review public posts. The best practice is to avoid asking applicants to provide passwords to their blogs or social media sites. Instead, stick to public information that you can see without a password.
Use only job-connected information Social media sites can provide useful information about potential hires, but they also give employers a peek at personal information that might not be relevant to the job. This can open the door to discrimination claims, according to Dallas attorneys Peter G. Smith and Whitt L. Wyatt in their resource, Using Social Networking Websites for Hiring Decisions: Legal and Ethical Considerations. Employers can possibly discriminate against candidates when they make hiring decisions based on information discovered online that they aren’t allowed to ask about during an interview. A person’s age, nationality, pregnancy or disability fall into that category of information — the type that’s available to employers only if it’s relevant to an applicant’s fitness to perform a job. Otherwise, federal law considers such questions discriminatory. If you’re using social networks to screen workers, make sure to base employment decisions on information relevant to the person’s ability to do the job or fulfill job requirements. Ask an attorney to help you draw up some guidelines on how to use social media as part of your hiring process.
Stick to the facts Some studies indicate that nearly 80 percent of human resource departments now use social media when evaluating candidates for potential jobs. Social media screening can help verify an applicant’s resume claims and give insight into a candidate’s personality. In some cases, it might also expose undesirable traits or behaviors. Social media can be a useful hiring tool, but ministries should take care to use the tool legally and ethically. CE Dan Watson is a communications specialist with Brotherhood Mutual Insurance Company in Fort Wayne, IN. More ministry-specific risk management resources are available on the company’s website.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 21
22 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
BRING-YOUR-OWN-DEVICE
POLICIES Key considerations for developing one at your own church
BY ROBERT ERVEN BROWN, ESQ.
The emerging transformation from paper to digital storage is a confirmation that the power of this technology can work for us — or against us. If you’re going to allow staff to use their own devices at work, it’s important that each individual acknowledges a key tenet: It might be his or her device, but it’s your church’s data that’s being exposed to hackers and thieves. Always remember that if an app is free, then your church (and its data) is the product. Several mundane — yet critically important —organizational disciplines impact the effectiveness of our churches’ bring-your-own-device (BYOD) policies and procedures: • Have a seven-digit, mixed-character password. • Require that passwords be changed weekly or monthly. • Do random enforcement audits. • Require IT department approval before mobile apps involving donors / donations can be implemented. • Restrict addition of unauthorized apps to mobile devices which have access behind your church’s firewall. • Stage a system attack; see how well your system responds to a phishing, social engineering or malware infiltration. • Consider building in “bunkers” to limit access when a disgruntled volunteer or employee attempts to harm the organization, or if a laptop is stolen. • Carefully review the data lifecycle for obtaining financial giving records, bank account information, credit card data and background checks so that unnecessary information is destroyed and the destruction process is properly documented. • Consider a procedure for staff education to prevent online copyright and media liability violation, as well as a procedure for detection of the same. • Review your disaster recovery plan. • Test your disaster recovery plan. • Insist that staff report lost devices immediately upon loss. • Establish the data wipe protocol for lost devices. • Check with your IT people to see if it’s possible to sequester the data wipe so that personal photographs and music aren’t deleted as part of the protocol for a lost device. • This encourages employees to report lost machines >>
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 23
more promptly — if they think their personal items aren’t going to be immediately destroyed as part of the wiping protocol, that is. • Control home use. • Require departing employees to have their device “whited” by your IT department. It’s not unusual to find that departing employees still have access former employers’ email accounts weeks after they’ve left. • Consider prohibiting (or at least set guidelines for) Wi-Fi connections, such as in Starbucks. Educate staff on the realities of hacking and the costs of data loss. Again: It’s their device, but it’s the church’s data that’s at risk. • Remember this maxim: A naïve device user x doing something stupid = data loss. More data is voluntarily given away on the Internet than is stolen. • Be sure that none of your device users are continuing to use windows XP, due to loss of support. Speaking of apps, new android apps are available from multiple stores. Unlike Apple apps, android “APK” apps can be site-loaded. In other words, these apps can be transferred directly from one phone to another. Thus, a coworker can now share his new version of Angry Birds in Korean with another coworker, phone to phone. This creates an entirely new threat matrix for cell phone and portable device users. Additionally, the overall security policy must consider these elements: • Government regulators and government data collectors • Cyber criminals, malicious hackers and malicious attackers • Commercial data collectors and programmers Educate your staff about the dangers of “trading” personal data for “free” stuff: Google plus, Yahoo, Facebook, LinkedIn, Instagram, etc. — all are sources of creating data, which are then resold by the companies which acquired it. This includes retail store loyalty accounts. Once again: If you’re not paying for it, then you’re not the customer — you’re the product.
Beware of personal file-encryption programs These programs require you to purchase a private key to avoid loss of your data from a crypto locker. According to the 2014 Ponemon Study, the average cost of a data breach in the U.S. is just under $200 per
24 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
record. (Note that this cost increased from $59-perbreach record between 2011 and 2014.) This study found the root causes in the 314 large-scale data breaches studied were: • Human error — 30 percent • System glitches — 30 percent • Malicious criminal attacks — 40 percent As of June 1, 2014, there was no national breach notification law; but, three cyber security or privacyrelated bills were pending in the U.S. Senate. There’s a patchwork state and territory laws dealing with data breach notification. Unfortunately, these laws lack uniformity and consistency. An Arizona statute, for example, says anyone who conducts business in Arizona and owns or licenses unencrypted data that includes personal information must conduct a reasonable investigation to promptly determine if a breach has occurred. If it maintains unencrypted data, then that organization must notify and cooperate with the data owner, and then notify —in the most expedient manner possible — when a breach has occurred. It’s under a statutory duty to determine the nature and scope of the breach, identify the individuals affected, and restore reasonable integrity of the data system as soon as possible. The notification may be written, electronic or by telephone. This law may be enforced by Arizona’s Attorney General and can include up to a $10,000 civil penalty per breach of system if the violation is a willing and knowing one. CE Robert Erven Brown is an attorney licensed to practice in Arizona. He and his nonprofit practice group work with nonprofits and churches, helping them manage key operations connected with their missions, visions and causes. As permitted by local Rules of Ethics, they collaborate with attorneys who are licensed in states other than Arizona. He is the author of Legal Realities: Silent Threats to Ministries, which describes his Campus Preservation Planning© initiative — a comprehensive program designed to manage the wide array of risks facing non-profit organizations. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. “From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations.” Simply reading this material this does not create an attorney/client relationship with Brown, as this article is general legal information, not legal advice. A formal attorney/client relationship will not be established until a conflict check is completed and an engagement letter has been signed by both the attorney and the client. No “informal” legal advice will be provided by telephone. Simply sending an e-mail to Brown will not create an attorney/client relationship.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 25
Just because a church is big, doesn’t mean its cyber risks are covered BY STEVEN ROBINSON
As an insurance broker who specializes in identifying cyber and media risks in church ministry, I learned long ago that just because a church is large, it doesn’t mean their insurance policies are adequately covering their risks. Particularly in the case of rapidly growing churches whose growth and outreach have been fueled largely by the effective use of media in various forms — across many platforms — insurance coverage has not kept pace. I’m going to share a few examples of this as it relates to a megachurch whose policies I recently reviewed. For the sake of this case study, I will simply call it “Church A.” Hopefully, by sharing some of my findings in this review, it will help your church take a more informed look at its own coverage related to privacy and communications in today’s electronic environment. 26 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
First, a bit of background. Church A has campuses in multiple states across the country, in addition to a vast digital footprint. To say the least, it has effectively harnessed the use of the internet to spread its message to thousands of people worldwide, attract members, support missions, raise money and provide resources to colleagues in ministry all over the world. This is no small operation. Like many rapidly growing churches I see, Church A purchased its insurance from a local broker and has remained loyal to this relationship for years. While this is admirable in one sense, unfortunately, the insurance the broker provided in 2005 has remained the same, while the church hasn’t.
Here are just a few examples of what I found in the areas of cyber and media risk: “Cyber” coverage was being offered to Church A that contained numerous exclusions and a requirement for any “data breach” to be “electronic” in nature. What if a data breach occurred as a result of stolen paper records? What if it wasn’t actually “data” that was breached, but rather a church member’s right to privacy? The media/website liability section of this policy carried no coverage for violation of intellectual property rights. This is a big deal for churches using various forms of online and offline media for promotion, worship services, events, etc. The first-party coverage (expenses the church would have to incur itself to deal with a data breach) were not only missing important elements — such as Business Interruption, Call Center Services, Extortion, Data Restoration and many others — but several other critical data breach response coverages required that a lawsuit first be initiated before coverage would kick in. This was perhaps the most egregious requirement of this particular policy. Coverage limits were disproportionately low. For instance, estimates for the per-record direct cost of a data breach vary widely, anywhere from $10 to $70. In this case, Church A had giving information on more than 100,000 individuals. At the low end, a complete data breach could cost as much as $1 million; yet, the church’s limit was $250,000, and the coverage was rife with exclusions.
Don’t let this happen at your church Here are a few things to look out for to make sure your own church doesn’t find itself in the same coverage situation after a claim occurs: In the website / media liability section of your cyber risk policy, make sure that “media material” is not limited to “websites owned by the insured.” (You do have a cyber risk policy, right?!) You want to make sure that your church’s use of websites it doesn’t “own” — Facebook, Twitter, Instagram, etc. — is covered for allegations against your church for personal injury. It’s important to examine what some policies will refer to as “covered media activities.” Is it limited solely to websites, or are the definitions more broad to include publishing of written material, videos and so on? The broader, the better. Check your limits. It’s becoming increasingly common for the limits in a cyber risk policy to be the same for both liability coverages and first-party, out-ofpocket coverages such as privacy breach notification, legal assistance, IT forensics, PR assistance, credit monitoring and e-business interruption. These first-party coverages are the first to get tapped in a cyber event, so make sure they aren’t sub-limited to extremely low levels. It’s essential to team with a broker that not only understands cyber risk policies, but also their application in the church environment. Covering these gaps doesn’t have to be terribly expensive — but the price of getting it wrong can be. CE Steven Robinson is Area President, Technology & Cyber, at Risk Placement Services, Inc., an Arthur J. Gallagher & Co. division, in Cambridge, MD. 07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 27
Sample Code of Conduct
| Co-written by Crispin Ketelhut
This organization is committed to providing a safe environment for children within all activities and ministries. Children are a most precious gift and all the faithful cooperate in taking every reasonable action to ensure their safety. An important tool in creating safe environments for children is a uniform Code of Conduct. The purpose of this Code of Conduct is to make clear to clergy, employees and volunteers that certain behaviors are unacceptable and to ensure proper monitoring of all youth. These guidelines apply to all of this organization’s activities where youth are present. All adults performing work, ministry or volunteer service within this organization are expected to follow these guidelines. Violations of these guidelines are a serious matter and will be investigated and resolved in accordance with this organization’s policy. Those who work with children are serving as stewards of God’s precious gift of young life. Keeping this principle in mind will reinforce the need to respect boundaries and to provide an example of a holy life. DEFINITIONS A. Adult Volunteer 1. Adult volunteers are defined as those 18 or older who are no longer in high school. 1a. Students who are in high school and have not reached their 19th birthday are to be treated as minors when participating in this organization’s activities. 1b. Adult volunteers may not volunteer in their parish’s youth ministry program until they reach 21 years of age if they were a participant in its youth activities as a minor. 2. 3.
Adult volunteers are not counselors. Their response to situations and conversations by minors may have potential legal implications and they should, therefore, know their boundaries. The role of an adult volunteer is limited to compassionate listening. For the purpose of this document, all instances denoting requirements and/or guidelines for “adult volunteer(s)” are also binding for all clergy and this organization’s personnel.
B. Chaperone / Supervisor 1. A Chaperone/Supervisor is defined as an adult volunteer that has oversight or supervisory authority over youth. These individuals share in the responsibility and authority of this organization’s staff person designated to have oversight of a particular youth event or activity and its leaders. 1a. All Chaperones/Supervisors must be at least 21 years of age. 1b. When determining the appropriate ratio of Chaperones/Supervisors to minors for activities, a husband and wife that have direct supervision over the same group of individuals only count as one Chaperone/ Supervisor. C. Child 1. For the purposes of this Code, “children,” “child,” “minor,” “youth,” or “young person” is defined to mean any person less than 18 years of age. D. Social Media 1. Social Media is defined as any form of electronic communication through which a user creates, utilizes, accesses, retrieves, and/or visits online communities or systems to share information, ideas, personal messages, and other content. 2. For the purposes of this Code, Social Media is to encompass, but is not limited to, all of the following: email, texting, chat rooms, instant messaging, social networks, video messaging, on-line message boards, gaming systems, landline and mobile telephones, on- line voice communications, etc. 2a. In accordance with this organization’s Policy, as stated in the Information Security Policy,
28 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
“All information and messages that are created, sent, received or stored using this organization’s communication assets are the sole property of this organization, and no user has any ownership interest or expectation of privacy in such communications. This organization retains the right, in its sole discretion, to review all information or communications sent, received, stored, or posted using this organization’s communication assets. This organization also retains the right to track Internet site, chat room and newsgroup visits, as well as file downloads, for compliance with this organization’s policies and for other business reasons. This organization has the right to conduct such review without prior notice to the employee. The user consents to allow this organizations information’s services department and management department access to, and review of, all materials created, stored, sent or received, by the user through any organizational network or Internet connection. Employees may not intercept or disclose, or assist in intercepting or disclosing, electronic communications.” and,
“This organization retains the right to monitor the content of electronic communications. The content of electronic communications and the usage of electronic communication systems will be monitored to support operational, maintenance, auditing, security, investigative activities and for other business reasons. IS staff will not review the content of an individual user’s communications out of personal curiosity or at the request of individuals who have not gone through the proper approval process.
A report of misconduct is to be sent to the Chancellor or the Moderator of the Curia to have email messages or Internet activity reviewed or monitored. The Chancellor or Moderator of the Curia will authorize or deny monitoring. If authorized, the Chancellor or Moderator of the Curia will contact the IS Director to initiate the review / monitoring. The results will be returned to the Chancellor or the Moderator of the Curia.”
SOCIAL MEDIA, COMMUNICATION AND TECHNOLOGY A. General Guidelines for Social Media 1. All ministry social networks and communication should be open and transparent. 2. All clergy must always self-identify themselves as clergy with the appropriate title in their username and/or profile. 3. Clergy social media accounts are always to be presumed to be ministry accounts and thus to be open and transparent. 4. Personal social media accounts may not be used for ministry communication with minors. 5. Each ministry that communicates with minors should establish a dedicated account that is used exclusively for ministerial purposes and that may be accessed, monitored and used by more than one unrelated adult volunteer. 6. Use of social media communication for private one-on-one contact with minors is not permitted. In the rare event that these activities occur, the communication must be kept on-file and at the organization location in an easily accessible format. 7. Written permission from their parent(s) or the legal guardian is necessary prior to any electronic communication with a minor that cannot be openly seen by the parents and unrelated adults. >>
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 29
8. All text-based communications sent to or received from young people must be copied to their parent(s) or the legal guardian or an additional adult volunteer. These communications must be kept on-file and at the organization location in an easily accessible format. 9. Communication with minors via electronic means is to be restricted to the hours that are appropriate for a phone call to the residence, except in the event of an emergency or to communicate time-sensitive information. 10. The “tagging” of a minor in a picture or video is prohibited. 10a. If an electronic photograph or video is posted on any ministry site, all names related to minors must be removed. 11. Further advancements in technology may require periodic updates and addendums to this section of the Code of Conduct. The universal principles provided for above are to be applied prudently and judiciously in the event an update has not occurred. THE ACKNOWLEDGEMENT PAGE BELOW SHOULD BE SIGNED AND RETURNED. CODE OF CONDUCT RECEIPT FOR PERSONNEL AND VOLUNTEERS OF THIS ORGANIZATION: The following is the official receipt denoting that the individual whose signature appears below has read and understands the guidelines contained in the attached document. This sheet will be kept on file at this organization indefinitely. Please complete and return.
I have read and understand the guidelines contained in this organization’s Code of Conduct. I intend to follow these guidelines and to monitor and protect children and young people in my service to this organization.
Full Legal Name (Please Print)
Signature Date
Position / Ministry
Parish / School / Organization
Email or Phone Number This sample Code of Conduct is provided courtesy of Virtus Online, a program and service of The National Catholic Risk Retention Group, Inc., in Tulsa, OK. This verbiage is only an excerpt from a Code of Conduct, and should not be used as an organization’s comprehensive policy guiding all adult behavior.
30 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
Sample Social Media Policy SUMMIT CHURCH Summit Church is a non-denominational multi-campus church centered in and around Orland, FL. Summit Church’s vision is to form biblically functioning communities that reach people, connect in Christ-centered relationships, serve others, teach truth, and worship God.
Personal Account We encourage our staff to have their own personal social media accounts and blogs, and to be the eyes and ears of Summit when they can. #hashtags and tips on what to communicate are provided for large Summit events. Staff are representing Summit Church, but more importantly Jesus; so, what they post should represent them well. What they post should be consistent within the honorable mission of Summit Church. The publication of any statement, comment, imagery or information through any medium of communication which is potentially adverse to the operation, morale or efficiency of Summit Church, is subject to disciplinary action. We encourage staff to use the 5R’s when using social media: 1) Reason. Simply put: use reasonable etiquette, the same as you would offline. 2) Represent yourself. Anonymous profiles lend themselves to more negative content. 3) Responsibility. Make sure that what you’re saying is factually correct, and also that it doesn’t reveal information that we haven’t yet announced publicly. 4) Respect. What you say online is a permanent record, so don’t say anything online you wouldn’t feel comfortable saying to the whole office — with a camera rolling. 5) Restraint. Before you hit that “send” button, pause and reread. If you wouldn’t want that particular thought or contribution forever associated with your name, don’t post it. (5R’s taken from the post, “To Do: Update Company’s Social Media Policy ASAP,” Forbes.com) In a time of corporate crisis, we ask our staff not to send out communication that has not been approved by Senior Leadership and to use discretion about what they are posting. We ask that emotional processing happens within the context of a close personal friend, community of believers or spouse, and not posted publicly over social media outlets, blogs or email.
Corporate Account Staff who have access to social media accounts for Summit Church, need to be aware that they are representing the views and vision of Summit Church. The publication of any statement, comment, imagery or information through any medium of communication, which is potentially adverse to the operation, morale, or efficiency of Summit Church, is subject to disciplinary action. >> 07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 31
In time of corporate crisis, we want our Social Media team to use discretion in the comments and posts that are made. We desire to be as transparent to the degree to which it is helpful to our congregation. We also want to allow Senior Leadership the first opportunity to address the congregation personally. Therefore, a time off of social media platforms may be needed to allow for this space. Summit’s social media team is encouraged to monitor Facebook, Twitter and Instagram comments and respond within 24 to 48 hours. A level of security has been placed on Facebook in regards to blocking specific words and language. Summit social media accounts should only follow staff, in addition to vendors who represent the values that hold true to Summit Church.
Past Employees For former employees with previous access to Summit’s account: Access to Summit’s account is manually removed on Facebook, along with an update of other Social Media and Social Media service (such as Hootsuite) passwords.
SUMMIT CHURCH 513 Social Networking and Blogging Policy Effective Date: 3/1/2013 To protect Summit Church’s interests, employees must adhere to the following rules: Employees may not post on a blog or social networking site excessively during their working time, unless this is an express part of their job duties on behalf of Summit or their department. All rules regarding confidential business information apply in full to blogs and social networking sites. Any information that cannot be disclosed through a conversation, a note or an e-mail also cannot be disclosed on a blog or social networking site. The transmission of confidential or proprietary information without the permission of Summit Church is prohibited. If you mention Summit Church in a blog or elsewhere in online social media, or it is reasonably clear you are referring to Summit Church or a position taken by Summit Church, and also express a political opinion or an opinion regarding Summit Church’s positions, actions, or products, the post must specifically disclose your relationship with Summit Church and note that the opinion expressed is your personal opinion and not Summit Church’s position. Any conduct which is impermissible under the law if expressed in any other form or forum is impermissible if expressed through a social networking site. For example, posted material that is discriminatory, defamatory, libelous or malicious is forbidden. Summit Church’s policies — including but not limited to the Equal Employment Opportunity, Sexual Harassment, Harassment and Workplace Violence policies — apply equally to employee comments on social networking sites, even if done on nonworking time. Employees are encouraged to review those sections of the Handbook for further guidance. Excerpted from Summit Church’s Employee Handbook
32 | CHURCH EXECUTIVE | SOCIAL MEDIA STARTER KIT | 07/2014
Sample Social Media Policy This policy provides guidelines for employees and volunteers to follow when they use social media tools on behalf of (name of ministry), or when (name of ministry) becomes part of a social media dialogue. New social media tools emerge regularly. This policy applies to all forms of social media: those currently in use and those that (name of ministry) may adopt at any time.
Use of Social Media • • •
All (name of ministry) policies, including harassment, confidentiality and software use policies, apply to the use of social media. (Name of ministry)’s official social media participation is managed by the (social media team, an individual, a ministry committee, etc.). This (team, individual, committee) is responsible for regularly posting information on the ministry’s behalf and for monitoring and responding to posts on these pages. Ministry employees who misuse the ministry’s social media resources in ways that violate the law or other ministry policies are subject to disciplinary action.
Social Media Guidelines 1) 2) 3) 4) 5) 6) 7) 8) 9)
Employees and volunteers interested in representing (name of ministry) on social media must first sign a consent and application form and attend a social media training class. The class will outline the recommended practices, limitations and legal parameters for administering the ministry’s social media accounts. Social media postings should not disclose sensitive or confidential information, unless the person that the information concerns has given written consent to share such information. This might include medical information or other personal matters. Social media representatives should refrain from posting photos of individuals — or identifying the individuals — on the ministry’s official social media pages without their prior written consent which may be given by email or text. Social media representatives are responsible for disabling the “tagging” of individuals in photos posted on the ministry’s page. If the photos include location information, this information is to be removed as well. Social media representatives will respect copyright and fair use laws, making sure that they have permission or authority to use content before posting it. Simply giving credit to the author will not protect the ministry from a possible copyright infringement claim. Social media representatives will monitor the page at least once per (measure of time), removing content that is obscene, embarrassing, abusive, or otherwise objectionable. If any posted material appears to be illegal (example: child or elder abuse, etc.), social media representatives should contact their supervisor and other appropriate authorities. When communicating with youth via social media, employees and volunteers should follow the ministry’s youth communication policy. In addition, ministry workers and volunteers who serve in children and youth ministries should keep their professional image in mind. Online conduct and behavior affects this image. (Name of ministry) discourages staff members and volunteers from accepting invitations to “friend” youth members within personal social networking sites. Contacting youth members outside the ministry’s youth group page may create risks for the ministry workers and alter the dynamic between a youth leader and youth. Employees and volunteers are personally responsible for the content they publish online, including content they publish through their own social media pages. Employees should be sure to identify themselves as part of the ministry staff, including their role at (name of ministry) and make it clear that they are speaking for themselves, not officially for the ministry. As an employee or volunteer of (name of ministry), remember that your online posts have the potential to affect the ministry, even those you make on a personal level. For this reason, we ask that you conduct your online interactions in accordance with the Employee / Volunteer Handbook, the ministry’ statement of faith, and code of conduct. In the event of a crisis, contact the social media leader, church leadership and the church attorney before responding to any posting or comments related to the crisis.
This sample Social Media Policy is provided courtesy of Brotherhood Mutual Insurance Company in Fort Wayne, IN. This is a sample document only. Your organization is responsible for compliance with all applicable laws. Accordingly, this sample should not be used or adopted by your organization without first being reviewed and approved by an attorney. Brotherhood Mutual Insurance Company assumes no liability in connection with the use or distribution of this sample document.
07/2014 | SOCIAL MEDIA STARTER KIT | CHURCH EXECUTIVE | 33
A PUBLICATION OF
CHURCHEXECUTIVE.COM
800.541.2670