
Friendship-West Baptist Church: Legal Risks & Compliance Gaps in Privacy Policy

Our analysis of Friendship-West Baptist Church's privacy policy reveals critical legal risks, including ambiguous breach notification, incomplete data subject rights, and compliance gaps. Learn how to mitigate exposure.

When Privacy Policies Fall Short: A Case Study on Friendship-West Baptist Church

Imagine facing a $2.5 million fine for a single data breach, or being caught in a class-action lawsuit due to unclear user rights. Our analysis of Friendship-West Baptist Church’s privacy policy reveals several legal and logical gaps that could expose the organization to significant regulatory penalties and reputational harm. Here’s what we found—and how these issues can be resolved.

1. Ambiguous Data Breach Notification Timeline

The policy states: "We will notify the users via in-site notification within 7 business days." However, U.S. state laws (like California’s) and the GDPR require prompt notification, sometimes within 72 hours. Delays or ambiguity in breach notification can result in fines up to $7,500 per affected Californian (under CCPA) or €10 million under GDPR.

Legal Analysis
Critical Risk

Removed: "We will notify the users via in-site notification within 7 business days."

Added: "We will notify the users of any data breach affecting their personal information without undue delay, and in any event within 72 hours of becoming aware of the breach, in accordance with applicable state and federal laws (including CCPA and GDPR)."

Legal Explanation

The original clause is ambiguous and does not meet the strict notification timelines required by GDPR (72 hours) and some U.S. state laws. The revision provides a clear, enforceable standard aligned with legal requirements.

2. Incomplete Data Subject Rights Disclosure

While the policy references user rights to change personal information by email or phone, it omits other key rights under CCPA and GDPR, such as the right to deletion, access, and data portability. Failure to clearly enumerate these rights can result in regulatory scrutiny and costly remediation orders.

Legal Analysis
High Risk

Removed: "Can change your personal information: By emailing us By calling us"

Added: "You have the right to access, rectify, delete, and obtain a copy of your personal information, as well as to restrict or object to certain processing activities, in accordance with applicable privacy laws (such as CCPA and GDPR). Requests can be made by emailing us or calling us."

Legal Explanation

The original clause only references changing information, omitting essential rights like deletion, access, and objection. The revision explicitly enumerates these rights, improving compliance and user trust.

3. Vague Third-Party Data Sharing & Liability Disclaimer

The policy states, “We have no responsibility or liability for the content and activities of these linked sites.” This blanket disclaimer may not be enforceable, especially if user data is shared or processed by third parties. Courts have held organizations liable for inadequate due diligence or misleading disclaimers, with settlements often exceeding $500,000.

Legal Analysis
High Risk

Removed: "We have no responsibility or liability for the content and activities of these linked sites"

Added: "While we are not responsible for the content or activities of these third-party sites, we take reasonable steps to ensure that any third-party partners handling personal information adhere to privacy and security standards consistent with applicable laws."

Legal Explanation

A blanket disclaimer is often unenforceable and may not absolve liability if user data is shared. The revision introduces a duty of care and aligns with regulatory expectations for third-party risk management.

4. Unclear Cookie Policy and Opt-Out Mechanisms

The policy describes cookie usage but lacks explicit opt-out instructions and fails to address requirements under the ePrivacy Directive and CCPA. Non-compliance can trigger regulatory investigations and fines up to $42,530 per violation (FTC).

Legal Analysis
Medium Risk

Removed: "You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings."

Added: "You may opt out of non-essential cookies at any time by using our cookie management tool or by adjusting your browser settings. We provide clear instructions and links for opting out, in compliance with the ePrivacy Directive and CCPA."

Legal Explanation

The original clause lacks explicit opt-out instructions and does not reference regulatory requirements. The revision ensures users have actionable, compliant choices regarding cookies.

Conclusion: Proactive Legal Protection is Essential

Our examination shows that even well-intentioned privacy policies can contain costly gaps. Addressing these issues not only reduces regulatory and litigation risk but also builds trust with your community.

  • Ambiguous or incomplete clauses can lead to multi-million dollar penalties
  • Clear, actionable language and regulatory alignment are essential
  • Regular legal reviews are a must for ongoing compliance

**Are your policies prepared for the next regulatory update? What would a data breach cost your organization? How confident are you in your current compliance posture?**

---

*This analysis is for educational purposes only and does not constitute legal advice. For actual legal guidance, consult with a licensed attorney. This assessment is based on publicly available information and professional legal analysis. See erayaha.ai’s terms of service for liability limitations.*