Home > For NAD Pastors > Articles >
It Is Time to Take Church Media Risks Seriously
By David Fournier
For the large church with a media team, social media outreach, a video team that streams services online or through their local cable network, media risk is an important topic. For the small church that meets in a home with just a few members, media risk is ALSO an important topic. 

As we look at the news we see major corporations struggling amid controversy over social media missteps, patent wars, and cyber breaches that exposed customer’s information. It is tempting to think that these issues do not affect our churches. The unfortunate truth is that small organizations are attacked more frequently than larger organizations. Experts estimate that as many as 30,000 websites are infected every day and 80% of those belong to small organizations. We know for a fact that cyber breaches have occurred within the Church.

Adventist Risk Management attorneys have had cases where local churches infringed on copyright protected material. Modern technology allows content owners to track the use of their material more effectively.

Church media issues are not something to ignore. Understanding both the issues and opportunities will help you avoid missteps and ensure success for your ministry.

Social Media
Social media users often fall into two camps: the enthusiastic and the cautious. When it comes to managing your church, school or institution’s media presence, you want to aim somewhere in the middle. It’s important to bring personality, warmth and humor to your online presence, and it is easier to achieve that goal once you’ve spent time carefully planning your strategy. 
First, you should identify how you plan to use media to enhance and supplement your ministry efforts. That might include:
  • Engaging your congregation
  • Reaching your wider community in new ways
  • Creating an online gathering place
  • Providing immediate feedback
  • Establishing space for detailed discussions
  • Promoting events, activities and programs
The next step is to acknowledge that with all the new tools at our disposal come new areas of risk. Effective risk management is about identification, assessment and the prioritization of risks, and effective media planning is no different.

While thinking of risks could make any media use seem intimidating, these tools are also great resources for your institution. When your staff is educated on best practices, and when your organization has a social media policy and emergency response plan in place, you may find the benefits outweigh any potential hazards.

Rather than restricting your ability to use media in any way, we want to free your institution to explore its possibilities. The following tips will help you and your employees avoid missteps.

Cyber Risks
Start by limiting access to the church’s webpage. Establish administration access so only a few key people can update the site and make changes to it.
Limit staff access to the church’s network. Churches gather and store large amounts of sensitive, personal information on members, including information related to their giving. Most data breaches, such as identity theft and embezzlement of funds, occur from the inside. Be sure your church staff only has access to areas of the network that are appropriate for their leadership level.
It is best to keep two separate networks, one for general use by teachers and leaders, and another network for church employees (office staff, pastors). These should be firewalled with strong passwords in place. Be sure to change the passwords on a systematic basis. 
To learn more watch Local Church Cyber Risks (4:41)

Litigation Discovery
These days, social media is the first stop for attorneys looking to build a case. Comments posted on social media channels are often used in court. Make sure your employees and volunteers are aware of the potential risks.
Identifiable Information, Photos of Minors
Church websites and Facebook pages often share personally identifiable information, which an outsider can use to contact a minor. This exposes children not only to predators, but also to non-custodial biological parents who may try to contact their children against court orders. Protect minors by never posting birth dates, phone numbers, email addresses or school names. In addition to obtaining written permission from parents or guardians to post photos of minors, you should also get written permission to post photographs of adults.
Right of Publicity, Release Forms, Permission
As with anything, a healthy dose of common sense and courtesy will go a long way toward keeping your students and employees safe.
Do not post photos of a minor online without a written form of consent. Uploading pictures and tagging them on Facebook may be commonplace, but the Children's Online Protection Act (COPA) requires that images of minors NOT be used unless written consent has been given. It also forbids including any identifying information of minors to keep pedophiles from finding them. While churches and other nonprofits are not obligated to follow COPA requirements, it’s best to cover all the bases and implement them anyway. Turning off functions like geo-tagging on photos, and foregoing tagging minors’ names on Facebook photos, are two ways churches can keep young people safer.

Defamation, Confidentiality, Invasion of Privacy
If an internal dispute occurs, any disparaging comments about individuals posted online by church staff may be considered defamation, putting the church at risk for a lawsuit. Avoid any disclosure of private facts about people or situations unless you have permission. Never post something that might be confidential without checking first. A classic mistake many churches make is posting prayer requests along with people’s names.
Do not include names or other identifying information on public prayer lists. Church offices also need to avoid displaying private information, such as posting the pastor’s schedule with too many details (whom the pastor is visiting in the hospital, etc.).

Gatekeepers are a must for any church blog. Blogs that include comment fields are becoming a minefield for defamation, libel, and slander – approving comments before posting can help you avoid future incidents. Post commenting guidelines that explain what will or will not be tolerated, and be sure to clearly state why a comment was not posted, or was removed.

Churches also need to consider implementing guidelines for leaders who publish personal blogs, including a disclaimer that their views are their own and not the views of the church they lead. These guidelines should include a statement against using the official church logo on any personal blog, website or social media profile.

Copyright Infringement
It is against the law to utilize articles, photos, music or other materials without obtaining permission first. It’s not enough to simply give attribution to the author when posting. In order to legally post copyrighted material, whether it’s a sermon from a visiting evangelist or a video of your worship service containing copyrighted music, you must have the proper authorization. This can either be through a license the church holds or directly from the owner of the copyrighted material.
CCLI provides copyright licenses for music. That license defines what you can and cannot do with the music. Make sure to check whether your license includes the right to record, stream or broadcast.

If pastors, worship leaders, and other leaders are creating original works, such as sermons, songs, or training curriculum for small groups, and wish to retain the copyright, they must create these works outside of normal work hours. These original works should also be created using a computer that is not church property. Otherwise, absent a contract, the church, not the individual, likely owns these original works.

To learn more watch Church Media Risks: Copyright

Sexually Explicit or Inappropriate Communication with Minors
No one ever thinks it will happen – until it does. Prevent inappropriate contact between adults and minors by establishing clear, specific guidelines in your social media policy. Teachers and church leaders should not follow, friend or engage with students on social media directly. One-on-one communication with minors should be greatly discouraged.
In some instances, it may be appropriate for teachers and leaders to create a public, professional media presence where they indirectly communicate with students and parents, and answer questions. If you feel this is appropriate for your institution, the activity should be routinely monitored.

For older students, apps such as Reminder were created to allow teachers to communicate via text (homework reminders, due dates, etc.) without sharing their cell phone numbers. These apps also keep a record of sent messages, in case administration ever needs to review their content.

Fine-tune your social media policy and include it with your employee handbook. Establish clear disciplinary measures and enforce them.

Adverse Employment Decisions
In many states, it is now illegal for an employer to take adverse employment action against an employee for making disparaging or critical remarks against the company or its leaders on his or her own social media account. These laws apply to churches and other nonprofits. Avoid liability by including a social media policy in your employee handbook, with stated consequences for violations. The law does not always apply if the employee is violating a policy they agreed to upon employment.
Computer, Device Security
An unlocked computer or device is an open invitation to data theft or malicious pranks. Make sure all church-owned computers are set to a timed, locked screensaver, and recommend that all employees do the same with any personal devices they might use for work. Many devices have the ability to be remotely wiped, so make sure this is enabled for all church property.
Hijacked Brand/Faked Accounts
All it takes is one disgruntled individual for your church or school to suddenly become the victim of a fake social media profile. These can range from a petty annoyance to serious misrepresentation and confusion, so it pays to be on the alert. A regular search of social networks will help you uncover imposters. While policies vary according to networks, you may be able to report the fake profile and ask for it to be removed. If not, you can at least be aware of any potential damage and prepare accordingly. Also, it’s wise to reserve your church or school’s name on any social network you might want to use in the future.
Creating a Social Media Policy
Social Media Policy Guide
Note: one thing to add near the top might be:

1. Advise your employees that you have the right to monitor their social media and Internet activity.

2. Remind employees/volunteers to familiarize themselves with the employee/volunteer agreement and policies included in the employee/volunteer handbook.

3. You should state that the policy applies to multi-media, social networking websites, blogs and wikis for both professional and personal use.

4. Internet postings should not disclose any information that is confidential or proprietary to the organization or to any third party that has disclosed information to the organization.

5. If an employee/volunteer comments on any aspect of the organization’s business they must clearly identify themselves as an employee/volunteer and include a disclaimer.
Example: "the views expressed are mine alone and do not necessarily reflect the views of (your organization’s name)."

6. Internet postings should not include organization logos or trademarks unless permission is asked for and granted.

7. Internet postings must respect copyright, privacy, fair use, financial disclosure and other applicable laws.

8. Employees should neither claim nor imply that they are speaking on the company's behalf.

9. Organization blogs, Facebook pages, Twitter accounts, etc., could require administrative approval when the employee/volunteer is posting about the organization and the industry.

10. State that the organization reserves the right to request the certain subjects are avoided, may withdraw certain posts, and remove inappropriate comments. (Does this apply to individual employee accounts?)

Five Steps You Can Take to Avoid and Minimize Risks
  1. Document all current and intended media use by staff and employees.
  2. Implement safeguards. These include disclaimers on employees’ personal accounts; permission for the use of photos, videos and copyrighted material; and protection of confidentiality.
  3. Train your employees and volunteers on proper and improper social media use. Choose one person to be the spokesperson in times of crisis, and see that they have crisis management training.
  4. Monitor the church website and social media posts by assigning gatekeepers.
  5. Build a crisis management strategy. This is separate from a social media policy, and specifically addresses the steps you will take in case of emergency. First, provide your leadership and communication team with basic crisis management training. Many online learning sites have free or low-cost courses in social media best practice and crisis management.  Next, decide whether you should be reaching out to your community on an individual basis, or whether you would rather direct all inquiries to a single point of contact (a section of your website, one official social media account, etc.). For smaller institutions, the directed approach is likely the best use of resources.
Part of your crisis management strategy should be to designate a spokesperson who is both authorized to speak on your institution’s behalf and able to respond quickly. Consult with a lawyer before making public statements, and coordinate the approach among the leadership. Crises should be addressed within 24 hours. Lastly, remember to be human – offering compassionate, apologetic responses to injured parties, committing to fixing the issue and communicating openly will go a long way toward minimizing damage.
While this might seem like an intimidating amount of information, all the education will definitely pay off. With a little effort and strategy, your church or school will see the benefits from the increased visibility, connectivity and sense of community that your media presence can foster.

David Fournier is manager of client care for Adventist Risk Management
Reprinted from CALLED