Parish Resources

Privacy

The Privacy Act 2020 (PA 2020) came into force on 1 December 2020. This means every New Zealand organisation and those that deal with them are required to be compliant now. 

The Privacy Act governs the collection, usestorage, access and disposal of personal information held by an organisation. The new law recognises the shift from a predominantly paper-based world to a digitised one, where sensitive information can be accessed and made public through the internet and social media in an instant, thus requiring the law to catch up with technological advancement.  

The right to privacy and good reputation and its protection is exercised as an expression of communio (canon 209)to the benefit of the common good, which in turn protects the good name of the Church and serves the ultimate mission of the Church being the salvation of souls. The right to privacy and good name is also enshrined in canon 220 of the Code of Canon Law. 

Can. 220 No one is permitted to harm illegitimately the good reputation which a person possesses nor to injure the right of any person to protect his or her own privacy.

 

GENERAL

Here is A Guide to Privacy for Parishes which is useful for all parish admin staff to consult, especially those with responsibilities for handling personal information.

 

POLICY 

Each Parish should have a Privacy Policy. A policy template from the Diocesan Office can be used to provide high level guidance on how personal information should be collected, used, disclosed and retained. All administration staff and volunteers who receive or have access to personal information should be aware of the Privacy Policy requirements. 

Template-for-Parish-Privacy-Policy (MS WORD)

Template-for-Parish-Privacy-Policy (PDF)

 

PROCEDURES 

Administrative procedures around the handling and use of personal information should be captured in procedure documents to ensure consistency across staff.  We are progressively adding information here for parish use.

Notification of photographs or filming taking place at an event

If you are holding a parish event and wish to record the event (through film or photographs) you must let attendees know. As it is a ‘public’ event it is not necessary to obtain consent from everyone in attendance. However, it is good privacy practice to give attendees the option to not be photographed or captured on film, or have images published.  This can be achieved by placing signs at every entrance or to identify the photographer should anyone wish not photographs to be published.

Here is an example of signage:

“Please be aware we are taking photographs at this event which will be used for future publication and promotional purposes. If you do not consent to being photographed please identify yourself to event staff  [insert how to identify staff eg high-vis].   Your privacy is important to us, so if you have any concerns please let us know.”

or

Please be aware we are taking photographs at this public event which may be used for publication (online and print). If you do not consent to photographs of you being published please identify yourself to the photographer or let one of the parish team know.  
Your privacy is important to us, so if you have any concerns please let us know.“

Privacy disclaimers 

Any time personal information is collected a privacy disclaimer, indicating purpose of collection, use, access and retention, should be included when collecting. This includes Parish Enrolment forms, Parish Census Forms or Enrolment for Sacramental Programmes.

Here is an example of a privacy disclaimer:

By completing this form, I consent to my information being stored and used for the pastoral, financial, administrative and fundraising purposes of the [insert name of parish]  and the Catholic Diocese of Christchurch.   I understand that my data will be held securely and that I have a right to access my information.   I understand that when this information is no longer required for this purpose, my data will be disposed of according to the Parish and Diocesan Record Retention and Disposal procedure.

Disclosure of personal information

Personal information collected by the parish must not be disclosed to third parties, unless a privacy disclaimer at the time of collection has clearly identified with whom personal information may be shared. In the above example of a disclaimer, personal information can be shared with the Diocesan office because it has been consented to.

If you have any concerns about whether personal information can be disclosed please contact the Diocesan Privacy Officer.

Requests for access to personal information

Information Privacy Principle #6 states that people have a right to ask for access to their own personal information.  People can only ask for information about themselves. The Privacy Act does not allow a person to request information about another person, unless their are acting on that person’s behalf and have written permission.

It is useful to have access requests in writing, clearly stating what information they are seeking to access. A sample form that can be modified for your parish is available from the Diocesan Privacy Officer.

Complaints 

coming soon

Incidents or Breaches

Organizations that deal with the collection, handling, or disclosure of personal information may be at risk of a privacy incident or breach. Whether intentional, or accidental, instances will occur where personal information is at risk of inappropriate access, use or disclosure.

Anytime a risk to personal information is discovered, the incident, should be reported to the Parish Privacy Officer. Then the risk can be mitigated, and the likelihood of a more serious privacy breach occurring is reduced.

The main actions when an incident is discovered is to Limit further disclosure, Report to parish and diocesan privacy officers, Assess the extent of risk, Prevent to ensure the risk does not reoccur.

To follow is a brief overview when dealing with incidents or breaches. Further procedures are available from the Diocesan Privacy Officer.

Parishes_Privacy Incident and Breaches _Overview

 
 

PARISH SOCIAL MEDIA ACCOUNTS AND PRIVACY

The Catholic Diocese of Christchurch recognizes that in today’s environment, use of social media and other networking and communication technologies and applications assist in the pastoral and evangelical mission of our church. Parishes are encouraged to use social media and technologies to accomplish their ministry. The Diocese also has an obligation to ensure responsible and safe use of these technologies, reflective of the teaching and mission of the Catholic Church. Online engagement with others should facilitate a growing relationship with Christ.

Procedures around the use of Social Media should be similar to that of a publication when it comes to images or video of parishioners.   Consent must be obtained from those photographed or recorded.  When organizing or facilitating programmes or activities where photographs or video footage of children (those under 16 years of age) or vulnerable adults are to be taken, privacy concerns should be considered.  This includes gaining the written consent of the parent or caregiver of the child and for a vulnerable adult, the adult can give their consent if they are able to do this, or the consent of their caregiver.

In the use of photographs, particularly of youth, the subjects should not be identified by more than a first name and parishioners and minors should not be tagged in the posts.

Care should be taken when sharing posts from other pages. If the parish chooses to share posts from parishioners’ personal accounts, permission to share should ideally be obtained.

 

TRAINING 

Privacy Training will be available as part of professional development programmes for Parish administration staff. The Diocesan Privacy Officer can run specific training for a parish office on request. 

Additionally online training is available on the Office of the Privacy Commissioner’s e-learning website. https://elearning.privacy.org.nz/  

Currently there are modules based on the Privacy Act 1993 

  • Privacy 101: Introduction to the Privacy Act 
  • Privacy ABC 

And a new module introducing the Privacy Act 2020 

  • Privacy Act 2020 

There are also numerous blog posts and podcasts from the Office of the Privacy Commissioner around the key changes to Privacy legislation.  https://www.privacy.org.nz/privacy-act-2020/resources/ 

 

FREQUENTLY ASKED QUESTIONS 

What are the 13 privacy principles?

13 Privacy Principles    The 13 principles are outlined in more detail in A Guide to Privacy for Parishes