Background Check Privacy & Compliance Statement
Koinonia Link is committed to protecting the privacy and dignity of our volunteers while maintaining a safe environment for our congregation. This statement outlines our compliance with the Fair Credit Reporting Act (FCRA) and our data handling practices.
1. Data Minimization & Security
- No Local Storage of SSNs: Koinonia Link never collects or stores Social Security Numbers (SSNs) or full Dates of Birth (DOB) on your local WordPress server. These are entered by the applicant directly onto Protect My Ministry’s (PMM) secure, PCI-compliant servers.
- Encryption: All communication between Koinonia Link and PMM is conducted via an encrypted SSL/TLS connection.
- PII Protection: Personal Identifying Information (PII) within our CRM is encrypted at rest using AES-256-CBC.
2. FCRA Compliance
As a “User” of consumer reports, the church agrees to abide by all FCRA regulations, including:
- Clear Disclosure: Applicants are notified that a background check is being performed for volunteer/employment purposes.
- Written Consent: No screening is initiated until the applicant provides electronic or written authorization via the PMM portal.
- Adverse Action: If a background check returns information that may disqualify a volunteer, the church agrees to follow the “Pre-Adverse Action” and “Final Adverse Action” notification process as required by law.
3. Access Control (Least Privilege)
Access to background check statuses (Passed/Pending/Review) is restricted based on WordPress User Roles. Only users assigned the Church Admin or HR Manager roles have visibility into screening results. Ministry leads are notified only of a “Cleared” status for scheduling purposes.