Privacy is a subject of much interest and discussion. Concern about how federal privacy legislation – the Canada Personal Information Protection and Electronic Documents Act (PIPEDA) – may or may not apply to our work is widespread. The FAQs that follow will help you determine what steps to take and what issues to consider.
Remember that PIPEDA applies on an activity basis, regardless of the nature of the organization. If you’re engaging in commercial activity that involves the collection, use or disclosure of personal information, PIPEDA does apply.
Privacy standards
The Diocesan Centre has a Privacy Standards Policy, approved by Diocesan Council in 2002.
You can also consult guidelines for parishes about parish directories and how to respond to requests for access to parish records. See the Parish Leaders’ Manual for more information on protecting personal information.
FAQ about Privacy
Personal information does not include the name, title, business address or business telephone number of an employee of an organization.
If we are unsuccessful in reaching the priest on the phone, we will leave a message for the priest and, in addition, we may suggest the caller try Canada 411.
Email addresses are handled in the same way that regular addresses are handled.
A church email address may be made public, as that is considered to be business information, and its publication is needed to perform the work of the Diocese.
If the email address is personal, it will not be disclosed or made public unless the individual’s consent has been obtained. It is always a good idea to ask people their preferred method of contact.
There is an expectation that parish staff and volunteers will not disclose information about people’s health that they may become aware of in the course of their work. This includes information about a hospital stay. No information should be shared regarding a person’s health without their specific consent.
The policies and practices that may suit a vestry in a small community in a rural area may be quite different from a large community in an urban centre. But remember, if you engage in commercial activity, the federal legislation will apply.
It is a good idea if all members of a vestry, and especially new members, understand how their personal information may be used in the life of the parish community so that there is no anxiety or unpleasant surprises! The expectations and practices should be clearly outlined at the time the personal information is collected.
Parish staff and volunteers will normally have access to the parish list in the course of carrying out their duties and organizing activities in the parish. It would be unreasonable for them not to have this information, but its use must be for church-related activities only. It is important that those in such positions be familiar with privacy and confidentiality issues. Parish statements regarding privacy of information should be readily available and publicized.
Finally, each year the Churchwardens are required to post the names of the members of the vestry prior to the annual vestry meeting. This is a canonical requirement as outlined in the Canon (Canon 14, sec. 4), and part of the preparation for the meeting.
The other exception is that the Churchwardens always have unfettered access to all the books and records of the parish corporation, including envelope records. The reason for this is twofold: first, the Churchwardens are ultimately responsible for the completeness and accuracy of these records; second, it would be quite unsatisfactory from an internal control perspective if the Churchwardens were not able to have access to the envelope records, or any other financial records of the corporation. Indeed, should the Churchwardens not be able to have access to and view the envelope records at any time, this would represent an unacceptable breakdown of internal controls and would require immediate action to remedy the situation.
The key to this is balancing the need for confidentiality with the need for good internal controls. The Churchwardens can review the envelope and other donor records to ensure that there is proper record keeping. (Indeed, they must verify these things personally and not take it on faith.) They can review these same records to develop a more precise understanding of the financial affairs of the parish. However, this must be done with complete respect for the confidential nature of these records.
In some parishes there is a third exception, and that is the incumbent. There is nothing that happens in the parish that should not be seen or known by the incumbent. However, some priests choose not to look at donor information. Therefore, there is no requirement that they do so; nor is there an expectation that this is automatically something they will do.
You may want to refer to the ten fair information principles for handling personal information, set out in Schedule 1 to the Personal Information Protection and Electronics Document Act of Canada.
These principles should guide your privacy policy. Remember, if you engage in a commercial activity that involves the collection, use or disclosure of personal information, you must abide by these 10 principles when carrying out that activity.
Above all, remember that the intent of the exercise is to agree on, and write down, how fellow parishioners will use their personal information as they carry out activities in their church community. Then this can be shared with new members, and referred to from time to time only, so that everyone can feel comfortable that their information will be used in appropriate and respectful ways.
Privacy resources
- Access to Parish Records Guidelines
- Privacy Guidelines Regarding Parish Directories
- Privacy Commissioner of Canada
For more information, contact Claire Wilton, Privacy Officer, at 416-363-6021, ext. 219 (1-800-668-8932).