Last Updated: 12/15/2016
I. Purpose
The purpose of this policy is to provide guidance regarding the use of technology to include computers, electronic devices, the screening of electronic devices, and the retention of documents and electronically stored information.[1]
II. Definitions
“Archdiocese” means that certain corporate entity formed, maintained and existing under Minnesota Section 315.16 with the Minnesota Business Name: “The Archdiocese of St. Paul and Minneapolis”.
“Clergy” means any persons ordained – bishops, priests, and deacons – who administer the rites of the Catholic Church.
“Code of Conduct” means the Code of Conduct for Clergy, the Code of Conduct for Church Personnel, the Code of Conduct for Adult Volunteers, and the Code of Conduct for Youth Volunteers, as applicable.
“Electronic Devices” means regular and mobile telephones (cell phones, smart phones, walkie-talkies), facsimile machines, computers, laptops, electronic notebooks, audio and video equipment, flash drives, memory sticks, media players, and comparable devices.
“Electronic Materials” means DVDs, CDs, laser discs, audio and video-tape, audio and visual recordings, films, microfiche, audio and visual broadcasts, computer operating systems, software programs, electronically stored data and text files, computer applications, emails, text messages, instant messages, and all other downloaded, uploaded, retrieved, opened, saved, forwarded or otherwise accessed or stored content.
“Electronic Systems” include electronic mail, telecommunications systems including telephone, voice mail, and video, facsimile transmissions, stand-alone or networked computers, intranet(s), extranet(s), the Internet and comparable systems.
“Users” means all Archdiocese employees or Clergy who use technology on behalf of the Archdiocese.
III. Policy
All information used in the course and scope of activities on behalf of the Archdiocese is an asset of the Archdiocese. The Archdiocese maintains a system of information security to protect proprietary data. Integral parts of this system are the policies, standards and procedures designed for Users. All Users must adhere to these policies, standards and procedures. These policies, standards and procedures include maintaining data confidentiality, maintaining the confidentiality of data security controls and passwords, and immediately reporting any suspected or actual security violations. The Archdiocese prohibits the use or alteration of Archdiocese data or information technology without proper authorization. All Users have an obligation to protect the confidentiality and nondisclosure of proprietary, confidential and privileged data, as well as personally identifiable information.
1. SCOPE
a. This Policy applies to:
i. All Archdiocese Electronic Systems, Devices and Materials located both on or off of Archdiocese property.
ii. All Users.
iii. All personal devices and materials, regardless of where they are located, that are used in the course and scope of Archdiocese activities.
b. The Archdiocese will maintain a record of Electronic Devices that are Archdiocese property in the possession of Clergy, employees, or Adult Volunteers.[2]
2. OWNERSHIP, ENFORCEMENT AND RIGHT TO INSPECT
a. All Archdiocese Systems, Devices and Materials, and all work performed on them, are property of the Archdiocese. These systems, devices, and materials are to be used primarily to conduct official Archdiocese business.
b. The Archdiocese reserves the right to monitor, access, retrieve, read and disclose content created, sent, received, or stored on Archdiocese Systems, Devices, and Materials (including connections made and sites visited) and to share such information with law enforcement or others, without prior notice.[3]
c. When the Archdiocese has reasonable cause to believe that a Cleric, Archdiocese employee or volunteer has violated policies relating to Electronic Devices or their usage in a manner that involves sexual misconduct with a minor, the Archdiocese shall cooperate with law enforcement to preserve the Electronic Device for evidentiary value.[4]
d. Users have no expectation of privacy in Archdiocesan Systems, Devices and Materials. The Archdiocese may inspect, review, audit, intercept, or access all Archdiocese Systems, Devices and Materials at any time, with or without notice.[5]
3. GUIDELINES FOR ACCEPTABLE USE OF TECHNOLOGY[6]
a. All Users should use care in creating email, text, video, still images, instant, or voice mail messages or in any postings on any social networking site. (See Archdiocese Social Media Policy) Even when a message has been deleted, it may still exist on a backup system, be restored, downloaded, recorded, printed out, or may have been forwarded to someone else without its creator’s knowledge. The contents of email and text messages are the same as other written documentation and should not be considered private or confidential.[7]
b. As with paper records, proper care should be taken in creating and retaining electronic records for future use, reference, and disclosure, in accordance with Archdiocese policy.
c. Mass emails or intranet/extranet/Internet postings to “All Employees,” “All Parents” and the like must be approved by the appropriate department director before they are sent/posted.
d. All Archdiocese employees are required to use their Archdiocese-issued email account when sending any communication related to their job functions.[8]
e. Use of personal electronic communications devices and materials while working should be kept to a minimum and should not interfere with work duties.
f. Archdiocese Systems, Devices, and Materials are not private and security cannot be guaranteed. Passwords and user IDs are intended to enhance system security; not to provide Users with personal privacy. User IDs and passwords should not be disclosed to unauthorized parties. User accounts are intended to be used only by the assigned party.
g. All information systems that create, store, transmit or otherwise publish data or information must have authentication and authorization systems in place to prevent unauthorized use, access, and modification of data and applications.
h. Computer networks must be protected from unauthorized use. Both local physical access and remote access must be controlled.
i. Information systems hardware must be secured against unauthorized physical access.
j. Minors are prohibited from using Archdiocese Devices or Materials unless authorized by, and supervised by a Cleric, employee or Adult Volunteer.
k. All files downloaded from the Internet, all data received from outside sources, and all content downloaded from portable memory devices must be scanned with updated or current virus detection software. Users shall immediately report any viruses, tampering, or other system breaches to the IT (Information Technology) Department.
l. Users who post or distribute communications on social media or public websites must comply with the Archdiocese Social Media Policy.
4. PROHIBITED PRACTICES/UNACCEPTABLE USE
While using Archdiocese Electronic Systems, Devices, or Materials, or using personal devices and materials in the course and scope of Archdiocese duties and activities, Users may not:
a. Violate any federal, state or local laws or regulations.
b. Violate any Archdiocesan Codes of Conduct.
c. Post or cause to be distributed any personally identifying information about another person without permission of that person, or the person’s parent or guardian if the person is under 18, unless doing so is required or concordant with the User’s job duties or assigned responsibilities. Personal identifying information includes images, names or screen names; telephone numbers; social security numbers, home or workplace addresses; email addresses, and web addresses (URLs) of social networking sites or blogs.
d. Post or distribute any communications, video, music, or pictures which a reasonable person may consider to be defamatory, discriminatory, offensive, harassing, derogatory, or bullying.
e. Post or distribute any communications, video, music, or pictures which are inconsistent with the faith or moral teachings of the Catholic Church.
f. Engage in pirating or unauthorized copying, acquisition, or distribution of copyrighted, trademarked, patented materials, music, video, or film or upload, download, view, or otherwise receive or transmit trade secrets, or other confidential, private, or proprietary information or other materials to which the User does not have access rights. Regarding copyrighted materials, certain exceptions are given for educational and liturgical purposes. It is the responsibility of the User to determine copyright status.
g. Post or send chain letters or engage in “spamming” (sending annoying, unnecessary, or unsolicited commercial messages).
h. Arrange for the improper purchase or sale of any drugs, alcohol, or regulated substances and goods, or participate in internet gambling.
i. Upload, download, view, or otherwise receive or transmit indecent, sexually explicit, or pornographic material.[9]
j. Make fraudulent offers of products, items, or services.
k. Damage, alter, disrupt, or gain unauthorized access to computers or others’ systems; e.g. use others’ passwords, trespass on others’ folders, work, or files or alter or forward email messages in a manner that misrepresents the original message or a message chain.
l. Give unauthorized persons access to Archdiocese Systems, provide access to confidential information, or otherwise jeopardize the security of the electronic communications systems (e.g. by unauthorized use or disclosure of passwords).
m. Transmit confidential, proprietary, or sensitive information unless the transmission is required or concordant with the User’s job duties or assigned responsibilities.
n. Introduce or install any unauthorized software, virus, malware, tracking devices or recording devices onto any system.
o. Bypass, defeat or otherwise render inoperative any network security systems, firewalls or content filters.
p. Transmit any radio frequency signal that is not permitted or licensed by the Federal Communication Commission (“FCC”) or that would violate FCC rules or policies.
q. Access or manipulate services, networks, or hardware without authorization.
r. Provide information about, or lists of, Archdiocese employees, Clergy or other propriety information from the Archdioceses database(s) to outside parties. Certain exceptions to this prohibition may be made with written approval from the Chief Financial Officer. Mailing addresses should only be provided in hardcopy (in label or other format as appropriate).
5. CONSEQUENCES OF VIOLATIONS OF ELECTRONIC COMMUNICATIONS POLICY
a. Violations of this policy may result in suspension of electronic communication privileges, confiscation of any Electronic Devices or Materials, and imposition of discipline, up to and including termination of employment or referral for canonical review.
[1] See Settlement Agreement, section 12.1.a. dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 2138749
[2] See Settlement Agreement, section 12.1.a. dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 2138749
[3] See Settlement Agreement, section 3.2.a., dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 213874912.1.b.
[4] See Settlement Agreement, section 12.1.b, dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 213874912.1.b.
[5] See Settlement Agreement, section 3.2.a., dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 213874912.1.b.
[6] See Settlement Agreement, section 3.2, dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 213874912.1.b.
[7] See Settlement Agreement, section 3.2.b, dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 213874912.1.b.
[8] See Settlement Agreement, section 9.3., dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 2138749
[9] See Settlement Agreement, section 5.8., dated December 12, 2015 between the Archdiocese of St. Paul and Minneapolis and Ramsey County Attorney, Ramsey County District Court File No.: 62-JV-15-1674; County Attorney File No.: 2138749
