Try again…
“ The CCPA applies to for-profit businesses that do business in California and meet any of the following:
Nope.
“The European Data Protection Regulation is applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe.”
You don’t think there’s a council in CA that has 50K members? You don’t think BSA (the national council) has 50K members in CA (they ‘receive’ information on every youth and adult)? You don’t think they will apply CCPA to non-profits at some point?
Wait until we have a few massive data breaches from non-profits and watch how fast these laws change.
GDPR applies to organizations outside of the EU which offer goods or services to customers or businesses in the EU. Basically if you do business with anyone in the EU, it applies.
And, remind me, does BSA have overseas Scouts and leaders in Europe? Why yes, yes I believe they do!
We had a kid in our troop who’s family was stationed overseas. He was registered in our troop here in the states, but his address was in Europe and he lived in Europe most of the year. DING DING DING; GDPR applies!
Privacy laws apply to the organization whether the actions are taken by a volunteer or paid member of the organization. The organization gave you access to the data and failed to train you or put safeguards in place to prevent or mitigate the data breach. It so happens that currently CCPA exempts non-profit organizations but that will change as more data breaches, the kind you are creating by haphazardly emailing private information, happen. GDPR already applies to non-profits.
This is not the place to discuss if the BSA’s policies meet government requirements for PII. If you have concerns, you need to discuss them with your Council’s Scouting professional staff.
Guide to Advancement, 2021/edition there’s similar language in the previous edition:
Page 45: 7.0.2.2 Web-Based Counselor Lists
Online counselor lists present a number of challenges. They should only be placed on official council websites that conform to the National Council guidelines. Council sites must consider the safety and privacy of their members and participants by obtaining the necessary permissions to release information about or images of any individual. Give attention to protecting counselor privacy. Limit access to those who have merit badge-related responsibilities, such as advancement committee members and chairs, or unit leaders and selected assistants. Scouts should not have access. Their interaction with the Scoutmaster in discussing work on a badge, and obtaining a counselor’s name, is an important part of the merit badge plan.
Emphasis added by me.
And then there’s this:
It seems San Diego - Imperial Council could care less about limiting access.
Fair enough. Is it okay to discuss BSA policy as outlined in the GtA? Or is that off limits too?
At any rate, I don’t think Matt or anyone else here is going to change their “we always did it that way” stance so I don’t see much value in continuing.
Wow, that’s a massive privacy and policy violation. I bet nothing will be done about it though.
Hey, @JamesBrown13 I did not say it that way at all and I don’t appreciate the jab. Please don’t quote something I didn’t say or imply. What I did point out is that the standards you cited are clearly not relevant. They especially not relevant for a district. We also don’t have the means for a better method.
I can agree with your assertion that it should not be open to all on the open internet.
James, - One last try.
ScoutBook makes the names and phone numbers of counselors available on the web. Yes you must have a ScoutBook login, and be registered in certain positions, but the list of counselors, their contact information and the badges they counsel are already available online via ScoutBook. ScoutBook has rules about who can access the list.
The information we share with the units about Merit Badge Counselor is the counselor’s name, phone number, email, and the badges they counsel. This is the minimum information they need to select approved counselors for their scouts. We do not share any other information, such as their address. But even if we did, that would be no different that what is readily available from on-line phone directories.
We instruct our units they are NOT TO PUBLISH the list on the Internet. It should be restricted to the Unit Leadership that is reasponsible for selecting/assigning counselors for scouts. Scouts and parents should not have access to the list.
At some point we may cease to distribute the MBC list via Email, and direct all units to use ScoutBook. But that day has not come yet. In the mean time, our goal is to make the selection of approved Merit Badge Counselors as safe and secure as we can, without putting undue burdens on the unit leadership.
Greg
I strongly encourage you to enact this option immediately as that is the BSA policy and much safer.
What policy are you talking about?
Let us not forget that legally, a BSA district is part of a BSA council.
What is your point Bill? The council does not meet the other criteria except for California or overseas in Europe.
GtA 7.0.2.2 as both I and other’s have quoted.
Plus BSA has made it abundantly clear that the preferred way to handle online merit badge lists is via ScoutBook. Members are checked for current YPT and must be approved by council before being listed there.
Your system has none of these safeguards, plus new counselors are effectively ignored until the next semi-annual update.
It is not MY system. You continue to make this personal to me, but it is not. Please stop. It is the system used by districts in my Council. Can you say where the BSA has made it clear to use Scoutbook?
As this is getting far afield from the original topic, I am closing this thread.
© 2026 Boy Scouts of America - All Rights Reserved
