Personal information will be inventoried and assigned one of the three levels of privacy.
Level 1 – Highly Restricted Personal Information
Information is very sensitive and if shared or published inappropriately or harvested electronically for fraudulent activities such as identity theft, has the potential of damaging people’s lives and/or their well-being and would likely bring about legal action against the church. The information issued for internal judicial decisions, identifies donor designations, career development, compensation determination and legal action.
Level 2 – Confidential Personal information
Information is somewhat sensitive and if inappropriately shared, published, or harvested electronically could contribute to fraudulent activity such as identify thefts, and bring about hardship or embarrassment to an individual and/or the church, or may bring about legal action against the church. The information is used for career development and legislative compliance. This information is considered private, but more individuals have controlled access to it than the information in Level 1.
Level 3 – General Information
Information is not sensitive and can be shared. This information is not restricted and many can have access to it. It is collected to assist the department in the accomplishment of their tasks. There is no confidential or restricted personal information included in this level.
There are some actions that employees can undertake to ensure the privacy of records and information:
- Personal information can only be used for the purposes in which it was collected.
- Personal information should be stored under lock and key or securely on a server and only certain authorized individual should have access to it.
- Personal information that is no longer required should be destroyed expect in cases where federal and/or provincial retention rules apply