Q: My question concerns employment law and privacy issues in a church.
The head priest has requested the following information from all staff members: usernames and passwords for 'company' email, Zoom, Facebook, or other 'service accounts;' and PIN codes for credit card accounts and 'other company accounts.' He states they are to be kept in a 'central location' to be accessed when I am not available. In addition, he has asked for personal member information (names and contact info) for a 'church-wide directory,' including participants in my Sunday worship services, Bible Study classes, and 'outreach' programs. He presented this request as an annual update of information systems in the church office, yet, in the 2 and-a-half years I have been employed, he has never asked for this information. I am concerned about divulging personal information without consent. As well as disclosing PIN codes and passwords. Is he operating within his employer rights?
A: What you are describing certainly appears to be a violation of your right to privacy, you can make a complaint to HR, consult an attorney or do both.
A:
He is certainly allowed to ask you to divulge usernames and passwords for all church related accounts. He is not entitled to your personal credit card or bank account information.
This is a church. It is ideal if you take these questions directly to him to discuss reasonably and rationally your concerns. A lawsuit should not be your first thought. Conciliation among members of the same church is part of the faith and it would be wise to approach this disappointment in expectations in a manner that can allow for constructive discussion and peaceful resolution, if it is at all in your power.
Good luck to you.
Maurice Mandel II and Alden Jay Knisbacher agree with this answer
A:
When it comes to secular activities, a church is the same as any other employer. Your question seems to present a mixed bag. As an employer, if the church is providing an email system on its server, that is the property of the church, not the individuals using it, and the church is within its rights to request the users to provide password information. The same with respect to the CHURCH zoom or facebook accounts, and CHURCH credit cards and other accounts. These all belong to the church and the church has the right to oversee these, the same as if the church had a car, it could require anyone who drives it to provide a copy of their driver's license and their own insurance. The alternative is simply that the person does not use the church email, facebook, credit card or drive the car.
This "directory" poses other issues. Did the individuals consent to having their personal information distributed or not? Can they opt out? Who will get the directory? What will it contain?
The other aspect poses more mixed questions. Is the church entitled to a roster of who is attending bible study classes? Well, is there a fee for the class? Is it being held on church property? Does the church have a security interest in knowing who is participating in church sponsored activities? What if there is a fight? What if someone is sexually assaulted at one of these activities? Should the church have this list to be able to assist in any criminal investigation? What if the church is sued? Should the church know who was there and could be a witness? How confidential will these records be? Did the participants have expectations of privacy?
With "outreach" programs there are even more issues. There is also a question of potential embezzlement of church money.
Now, you have to realize that one function of an Attorney is to ponder over the worst case scenario, and while I have posed these issues for your consideration, in no way do I mean to imply that these apply to your church. But you cannot turn a Pollyannaish eye to the world and you must realize that bad things happen to good people, every day. There are stories in the news about churches being bombed, burned and shot up. And worse.
IMO- the people whose information is being requested need to be provided the opportunity to express their position whether they want to opt out of being included in directories; the head priest needs to discuss his motives and needs for this information with everyone involved, after all, he is not Moses delivering the 10 Commandments from Mt. Sinai; people need to be provided the opportunity to discontinue using church email or other accounts before their personal information is disclosed; and the head priest needs to have a plan on what is disclosed, how, to whom and for what purposes, as well as to provide a security program to protect personal information from potential computer hackers. If hackers can get to Experian, they can get to your church's servers, and you may be more on a bullseye than you know.
Justia Ask a Lawyer is a forum for consumers to get answers to basic legal questions. Any information sent through Justia Ask a Lawyer is not secure and is done so on a non-confidential basis only.
The use of this website to ask questions or receive answers does not create an attorney–client relationship between you and Justia, or between you and any attorney who receives your information or responds to your questions, nor is it intended to create such a relationship. Additionally, no responses on this forum constitute legal advice, which must be tailored to the specific circumstances of each case. You should not act upon information provided in Justia Ask a Lawyer without seeking professional counsel from an attorney admitted or authorized to practice in your jurisdiction. Justia assumes no responsibility to any person who relies on information contained on or received through this site and disclaims all liability in respect to such information.
Justia cannot guarantee that the information on this website (including any legal information provided by an attorney through this service) is accurate, complete, or up-to-date. While we intend to make every attempt to keep the information on this site current, the owners of and contributors to this site make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained in or linked to from this site.