As nearly all aspects of daily life moved online during the early days of the pandemic, communities of faith found themselves embracing technology to bring their faithful together. For many, this included hosting religious services virtually instead of in-person. For others, it meant scanning QR codes to donate to their place of worship in lieu of placing cash in charity boxes. Of course, the transition from in-person to digital wasn’t always smooth sailing: an effort to make “virtual” confessions available to Catholics was promptly shut down by Church authorities, who warned that confessions had to be confidential in order to be valid—something that is impossible to guarantee over a phone call.

The digitization of religious activities didn’t start with the pandemic, but COVID-19 certainly exacerbated it. And the benefits are clear, with improved administrative efficiency and increased fundraising capacity. But along with these are the risks that we associate with technology: financial theft and faulty data privacy. And for religious groups—many of which can recount long, painful experiences with persecution—the stakes are higher than most. Community leaders cannot afford to make data privacy an afterthought. Faith leaders long accustomed to fostering trust must prioritize data privacy and security in their communities’ digital existence.

The Stakes 

Faith communities tend to collect sensitive information from their members, like home address, dates of birth, religious denomination, occupation, credit card information, or family member and spouse details. Fifteen years ago, this information was perhaps stored in a ledger in an administrative office. Today, it might be in the Cloud. In August 2020, JCrush—a dating app aimed at Jewish audiences—was discovered to have unencrypted information available for virtually anyone to access online. Records contained a troubling amount of personal information, including names, email addresses, dates of birth, sexual orientation, religious denomination and geolocation. In some cases, the location data was accurate enough to showcase users’ addresses. When trust is the foundation of common beliefs and purpose, an incident like this is particularly devastating.

Communities of faith face challenges common to other sectors when going digital, such as financial theft. Indeed, theft is a risk for community donations that are increasingly collected online. After the popular Pray.com was discovered to be leaking information of about 10 million users—including donation history—experts feared that criminals could trick people into “donating” money by impersonating places of worship. Vulnerable financial systems are bad news for faith-based communities, many of which rely almost exclusively on donations to operate and need to maintain transparency around their financial activities. A lack of data security can be crippling both to institutions’ financial wellbeing, and to credibility within communities.

Along with “common” risks are more specific, faith-centered concerns. As the short-lived phone-call confessions in spring 2020 demonstrated, poor data privacy can invalidate key religious practices: any confession done over the phone was later voided by authorities. These mistakes, however well-intentioned, diminish the trust that bonds communities together. In the United Kingdom, the popular Muslim prayer-space booking app Salah Space underwent massive changes to its privacy framework, after its developer concluded that collecting and selling data from the faithful violated amanah, or the value of trust, within Islam. This was also the case with the prayer app MuslimPro, which was found to be selling data to third parties, including U.S. military contractors. Because the app was made by Muslim developers, it was described as a “betrayal from within.” A New York Muslim leadership council even encouraged people to delete the app due to “safety and data privacy” concerns.

Like the New York Muslim council feared, such risks can threaten community safety. If a company is breached and your address is one of 10,000 others, that’s bad. But the average U.S. Catholic parish, for example, had just over 1100 registered households in 2011. The comparatively small size of religious communities places worshippers at even greater risk during data breaches—especially from hate-motivated actors.

In late 2020, during Hanukkah, a Jewish high school in New York had their website hacked and defaced with various slurs, hateful imagery and derogatory terms. The hackers were also able to take control of much of the school’s online system, which allowed them to circulate students’ family information—including addresses and credit card numbers.

These risks show how easy it is to threaten community bonds—and even safety—in cyberspace. But far from an apocalyptic warning, these implications are a call for faith leaders to normalize data privacy and security in the interest of community wellbeing.

A Way Forward for Data Privacy

Data privacy is a community effort, but leaders need to get the ball rolling. Leaders must realize that data security is now a part of their jobs. For starters, there’s no data privacy without data security. But leaders collect especially delicate information while operating on charity-based financial models. This combination limits mitigation options, yet highlights the need for data security. It’s unrealistic to expect places of worship to invest in IT teams, for example, when they operate with more volunteers than full-time staff.

Such issues could be remediated by increased attention from leadership. Despite a dearth of cybersecurity budgets, leaders can still encourage data security; in fact, specialized software providers are increasingly implemented by faith organizations. Administrators of places of worship, for example, need to demand privacy from these specialized software providers. This means choosing software that clarifies their data guidelines and tools. This selective attitude could make it easier to create clear expectations about data collection, storage and disposal. And in the long-term, influence providers to create more data-hygienic software.

It’s also up to these software providers to guide users through privacy practices, as some already do. Additionally, organizations like the Anti-Defamation League, for example, have published guidelines like “Considerations For Digital & Online Security At Jewish Institutions.” With a combination of support from developers and effort from organizers, communities can make serious progress in ensuring data security and privacy.

In some respects, faith-based communities are just another sector growing with digital tools. But in cases like that of MuslimPro or JCrush, data privacy goes beyond email addresses. It is up to community leaders to be proactive about worshippers’ data privacy and security. Work has been done, but there is still a long way to go in ensuring collective data security for faith-based communities.