220.127.116.11 Records in Custody of Diocesan Offices
1. Canon 220 provides that no one is permitted to harm illegitimately the good reputation which a person possesses nor to injure the right of any person to protect his or her own privacy.
a. The canonical and ecclesiastical norms that regulate the custody and confidentiality of documents and records involved in administrative and judicial processes as well as curial records are to be observed. The custody and confidentiality of documents and records pursuant to canonical processes is regulated by the norms of the canons and other ecclesiastical law. (See, e.g., Books VI and VII of the code, canons 1008-1052 which pertain to holy orders, canons 145-196 which pertain to ecclesiastical office, and canons 482-491 regarding curial acts, instruments and archive.)
b. Employment records in custody of the diocese are maintained according to the norms of #6.H.2 Personnel Files. (Contact the Department of Human Resources for the special norms regarding criminal history record information.)
c. In other cases, personal information in the custody of diocesan offices is to be made available only to those who have been authorized by the diocesan bishop for a legitimate function that requires its access and use. (This information includes, illustratively, medical and psychological records, academic transcripts, evaluations from third parties, recommendations. Legitimate functions include, for example, payroll processing or reporting, the discernment of vocation and formation of clergy and other ministers, professional counseling.)
2. Unless canon law makes other provision, the free consent of the person, must always be obtained and expressed in writing to obtain and use this information.
3. Since people have the right to protect their rights that they possess in the Church (canon 222), they have the right to contest the accuracy of some record that is prejudicial to them. This requires the possibility of some form of access to the record, at least in a summary form.
4. In addition to the diocesan bishop, who exercises ordinary, proper, and immediate power in the diocese, the moderator of the curia (or, mutatis mutandis, the chief of staff) and the diocesan chancellor possess authority to access and use these records.
5. The directors of diocesan offices and support personnel are authorized to access and use only those records that directly and immediately pertain to exercising the functions for which they are competent.
6. Any external breach or an internal violation of confidentiality is to be reported to the moderator of the curia. The moderator is to investigate the circumstances and determine the necessity or desirability of additional action to prevent future breaches and violations, not excluding personnel sanctions contained in the Diocesan Employee Handbook.
(This would include a loss of computer security by hacking, unauthorized access, etc. or the detection of some intrusion or malware affecting the confidential data.)
However, any matter pertaining to ecclesiastical sanction or ecclesiastical office is to be transmitted to the chancellor for any further action.
7. Unless an authorized user is accessing the information for a lawful purpose, it should always be kept secured by locked cabinet. If stored in electronic form, it is to be protected by password, and if possible, encryption. Keys and access passwords are to be carefully protected. When possible, particularly sensitive electronic documents should only be stored on non-networked computers or apart from the hard drive.
(Also see #6.D.5 regarding the destruction, sanitization and disposal of documents and electronic media. Also see Standards for the Use of Electronic Media and #4.6.3 Protection of Personal Privacy and Confidential Records.)