What is interesting to note is that the company pulled the complimentary note, if they had permission to post it, they wouldn't have to pull it. By pulling it it could imply that permission to post it was not sought.
Considering how incompetently the person running that Applebee's Facebook is handling this situation, I wouldn't draw any conclusions about what it implies. They could just have deleted it in the misguided hope that it wouldn't be brought up again.
I hope that Facebook account is only for that individual Applebee's franchise and not the company as a whole, because if they have such an incompetent PR person handling their public image they're in trouble.
So on the surface you have two similar offences, if that is the case the same standard has to be applied to the person who posted/authorised the posting of the complinetary letter and they need to be fired. Otherwise it could be a legal nightmare, sure policy might have been breached but if you don't apply it evenly that it's virtually worthless as a policy.
While it's wrong to post personal info online without permission either way (if that's what happened), the two actions don't carry the same consequences. No one has ever been harassed by an internet posse for paying a restaurant a compliment for their service, while that is a foreseeable result of posting the pastor's personal information online. If you leave a complimentary note like that, you know there's a good chance the note will be left in public view somewhere (even if only in the restaurant), and you generally have no reason to fear that happening. On the other hand, the pastor would obviously never want her information shared after what she wrote.