UUA Privacy and Data Security Policy
This policy addresses the collection, use, and safeguarding of data about individuals in the Unitarian Universalist Association's (UUA's) electronic database. It is of particular interest to members, leaders, and staff of Unitarian Universalist (UU) congregations, as well as to employees and contractors working for the UUA or a District.
Who do we keep information about?
- Current and former members of every UUA member congregation.
- Subscribers to UU World magazine.
- People who have registered with the UUA for various services such as receiving notifications when publications are available.
- People who have a relationship with a congregation but who are not an official member.
- Each congregation's elected board members, staff, lay leaders, and volunteers.
- Ministers and professional religious leaders, active and retired.
- District staff and consultants.
- UUA Board members and members of Board appointed committees.
- People who have made gifts to the UUA and UUA-sponsored funds.
- Young adults who have registered for an account with Connect UU.
- General Assembly attendees.
What information do we keep?
- Basic contact information: Name, address, telephone number, email address, and family and household relationships.
- A person's date of birth, or certification that they are at least 18 years old (certification of majority).
- A person's affiliations with congregations, including positions (e.g., Board membership) held.
- Preferences about whether to receive UU World magazine, email newsletters, solicitations, etc.
- History of service, such as dates of membership on a congregation's Board or a UU committee.
- History of giving, excluding credit card information.
- History of professional credentialing and professional association membership (e.g., UU Ministers Association).
- History of event attendance (e.g., General Assembly).
- Social Security numbers for people employed or contracted by the UUA, a district, or a congregation, and for people enrolled in a UUA insurance program. These are encrypted and stored separately from personally identifiable information such as names and addresses.
- Bank information for people who receive direct deposits from the UUA.
What information don't we keep?
- Credit card numbers. We use secure, certified third-party processors to handle and retain credit card information.
How complete is the data, how far back does it go, and how long is it retained?
- Names and mailing addresses are very complete. Other contact information is often missing.
- Data goes back to about 1996, with a few exceptions going back as far as 1929.
- Some information will be retained in perpetuity, in support of the UUA's role of denominational historian. Other information—in particular, Social Security numbers and bank information—will be retained as long as it is required by law, regulation, and contractual agreements.
Where does the information come from?
- Contact information about members and congregations is supplied by congregational administrators and by members themselves, primarily so that UU World magazine can be delivered.
- Birthdates or certifications of majority come from congregational administrators or members themselves.
- Information about congregational leaders and staff is supplied by congregations at least once each year.
- Donors supply information about themselves.
- UUA staff members provide information as part of doing business with congregations, their leaders, and their members.
- Notices of address changes are supplied by the U.S. Postal Service.
Who has access to the information?
- Authorized UUA staff members responsible for keeping information up-to-date. For example, the Ministry and Professional Leadership department maintains information about religious professionals who serve our congregations. The software permits staff to access only the information needed to do their jobs.
- Each congregation may appoint up to four authorized persons who can view, change and download basic contact and position information (name, address, phone, email, positions held) about the congregation and its members, leaders and staff. Those authorized persons cannot access information about other congregations or their leaders and members.
- District staff members can view, but not change, basic contact and position information about the leaders and staff of the congregations within their own District. That information may also be included in online Directory listings maintained by a District or Regional office and visible only to authorized persons within the jurisdiction.
- In the future, each congregation can elect to have an online directory of its own members and leaders. (Individuals can opt out of the online directory altogether, or they can indicate whether to exclude their address, phone number, and/or email address.) Only members and leaders of a congregation can view the online directory.
- In the future, each member of a congregation can view and change only their own information.
- Contact information for matriculants of the UU seminaries may be shared with the seminary where they studied. Contact information for ministers is shared with the Church of the Larger Fellowship for sending the Quest newsletter.
What about mailing lists and email addresses?
- UUA departments and Districts use postal addresses and email addresses to stay in contact with constituents for a variety of purposes, including periodical mailings, email newsletters, and fundraising appeals.
- Mailing lists (postal addresses), but NOT email addresses, are occasionally shared with qualified organizations such as the UUSC and with Announced Candidates for President of the UUA, under strict guidelines and for one-time use only. No one outside the UUA can obtain the mailing addresses of individual congregation members (other than those in leadership positions) without first obtaining the permission of each congregation to which those members belong. Mailing addresses and email addresses of ministers and of matriculants of the UU seminaries may be shared as described under "Who has access to the information?" above.
What do we use the data for?
- Mailing lists for UU World magazine and other UUA publications.
- Production of the UUA Directory of Congregations and Professional Religious Leaders that is published each year.
- Fundraising and gift processing.
- Tracking a wide variety of statistics about our denomination, such as the rate of growth of our congregations. (This data helps us fashion programs and services to meet the needs of our members.)
- Processing of benefits for UUA, district, and congregational employees.
Where is the information stored, and how is it kept safe?
- The information is stored in a computer database on the UUA's Boston premises. The computers are in a climate-controlled room that is locked at all times and equipped with a modern fire suppression system. Sensitive data such as employee Social Security numbers are encrypted within the database. The database is periodically encrypted and copied to magnetic tape, and the tapes are removed and locked in a different building.
- There is no direct link between the database and any public web sites.
- Online access to the database requires knowledge of a valid user ID and password. Access to specific types of information, and rights to view or change information, are strictly limited by each authorized person's role as assigned and overseen by both a system administrator and a database administrator.
- Personally identifiable information about individuals under 18 years of age is never made available to anyone other than UUA staff or authorized persons within the youth’s home congregation or district. All UUA staff are subject to criminal background checks prior to employment.
How is data about minors kept safe?
- Information about persons younger than 18 is programmatically prevented from being displayed unless the requester has specific permissions set within the system allowing such access.
What about online hackers or "bots" getting into the database?
- First, the live database is not accessed directly by our online applications. Copies of some information are used by some online applications, and every request to read or change those copies is logged and reviewed by UUA staff. Second, our software applications are written to resist standard attacks such as SQL injection. Third, access to personal information (i.e., information about individuals) requires at least a user ID and password. Fourth, sensitive information (i.e., Social Security, bank account, and insurance account numbers) is encrypted in the database.
- It is not technologically possible to absolutely guarantee the security of data stored in a computer. Our goal is to make unauthorized or malicious access both difficult and detectable.
What happens when a UUA staff member or a congregational administrator trusted with access to the database quits or leaves their job for other reasons?
- When a staff member leaves, all of their computer accounts are locked.
- When the UUA is notified that a congregational administrator has left their position, that person's access to the congregation's data is locked. Each congregation's access activity is monitored, and if its routine usage pattern changes, the UUA will seek an explanation from the congregation.
How often is the information updated?
- The information is updated by UUA staff every day. Well over 50,000 updates are made each year.
- Up to four authorized persons from each congregation can review their own membership list and make updates at any time.
- In the future, individuals will be able to view and make changes to their information on file at any time.
Does the UUA comply with laws and industry standards regarding data security and privacy?
- Yes. The Vice President of Finance, the Director of Information Technology Services, and the Database Administrator oversee a portfolio of coordinated projects whose aim is to define and fulfill our ethical duty to our constituents, in addition to achieving, monitoring, and maintaining compliance with the law. A program is in development that will ensure compliance with both the latest Payment Card Industry Data Security Standard (PCI DSS 1.2) and the new Massachusetts data security regulation, widely described as the toughest in the nation (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth).
Whom should a person contact with a question or to have information corrected or removed?
- Individuals can ask their congregation's administrator to change their information, or they can contact the UUA's Data Services department at data_services [at] uua [dot] org or circulation [at] uua [dot] org or (617) 948-4654 with their request.
- Questions concerning data stored about gifts should be directed to the Stewardship & Development department at giftinfo [at] uua [dot] org or (617) 948-4624.
- Individuals can view and change their own contact information online. This requires a one-time registration for identity verification.
- UU World magazine subscribers can also submit address changes online.
- Individuals can opt out of receiving various email correspondence from the UUA (e.g., email newsletters) by using the unsubscribe link in the body of the email.
- Persons with questions or concerns about this policy or data security at the UUA are welcome to contact us at data_services [at] uua [dot] org or (617) 948-4654.
March 31, 2009