INTRODUCTION #
The Archdiocese of San Francisco’s technical resources enable employees and other authorized users to quickly and efficiently access and exchange information. When used properly, these resources greatly enhance productivity and knowledge, and therefore their use is encouraged. Because these technologies, most notably the Internet and E-Mail, are both new and rapidly changing, it is important to explain how they fit within the work of the Archdiocese and within the responsibilities of employees and other authorized users.
For purposes of this policy, the term “Archdiocesan Systems” includes computers, Internet Service Providers (“ISPs”) and accounts, telephone lines, or any combination of these, which are provided by and/or paid for by the Archdiocese, including those provided by, to or for agencies, schools and parishes, as opposed to by personal funds.
Examples of access considered to have been performed through an Archdiocesan System include:
- An Archdiocesan ISP account accessed through a privately-owned computer and/or telephone line;
- A personal ISP accessed through an Archdiocesan computer and/or telephone line;
- Archdiocesan work, whether done on a private or Archdiocesan computer or telephone line.
Non-Archdiocesan E-mail or Internet-access accounts of individuals are to be maintained separately from Archdiocesan accounts, and remain the sole responsibility of the personal owner and not of the Archdiocese or any Archdiocesan entity. If an individual desires to maintain an interest in privacy in individual accounts beyond that which is set forth in this policy, such accounts must not include Archdiocesan work, must be kept solely on private computers, must solely use private telephone lines, and must be accessed solely through private ISPs. No Internet or E-Mail access which is done in connection with Archdiocesan business, or which uses Archdiocesan computers, telephone lines, ISPs, or accounts is to be considered private, and all such access remains subject to regulation, retrieval and review by the Archdiocese, except as expressly set forth in this policy. While this policy seeks to embody the institutional legal rights of the Archdiocese in relation to its systems, Department Heads and other supervisors and/or Users are reminded that these rights also carry with them a moral obligation of respect for individual Users of Archdiocesan Systems. As such, any legal rights retained bythis policy should not, from a moral perspective, be used as a means of knowingly reviewing others’ personal E-Mails and/or other personal communications via Archdiocesan Systems where a significant business concern has not been first articulated. In order to safeguard this moral obligation, Department Heads should consult in advance with the Archbishop, the Archdiocesan Vicar for Administration, or Archdiocesan Legal Counsel to determine whether review of personal E-Mail and/or other personal communications via Archdiocesan Systems is warranted in a given circumstance.
Employees, clergy, religious, volunteers, and other users are collectively referred to as “Users.”
Where the term “Department Head” appears in this policy, it also refers to heads of agencies, pastors of parishes, and principals of Archdiocesan schools.
“Computer Systems Manager” refers to that person in the respective department, school, parish, or agency with primary responsibility for supervising computer systems and operations. If there is no such person or if that person is not available, the relevant Dean may be contacted for guidance as to shared expertise among those persons within the Deanery. While this policy focuses on Internet/E-Mail technology, it also applies to computers, fax machines, voice mail, electronic bulletin boards, and like technical resources.
A. PURPOSE AND SCOPE #
The purpose of this Policy is to outline the parameters for use of computers, and the use and monitoring of the Internet, E-Mail, and the other Archdiocesan technical resource systems referred to above. This policy shall apply to all Users accessing such systems of Archdiocesan departments, agencies, parishes, and schools.
B. ARCHDIOCESAN INTERNET SERVICE PROVIDERS #
Each parish, school, agency, or other Archdiocesan entity shall establish a single ISP account with a single 1SP to be chosen by that entity’s Department Head for use in connection with Archdiocesan Systems and work. No parish, school, agency, or other Archdiocesan entity shall establish additional accounts or ISPs or maintain private (i.e., non-Archdiocesan, including non-agency, non-parish or non-school) account numbers or service providers.
All individual mailboxes, screen names, E-Mail addresses and the like in connection with an Archdiocesan ISP shall be established and maintained only with the express permission and under the direct supervision of the Department Head and the Computer Systems Manager, and shall be considered Archdiocesan property. No mailboxes, screen names, E-Mail addresses, or the contents of any of these, if maintained in connection with an Archdiocesan System, should be considered by any User to be private.
Except as specifically allowed by this policy, all Archdiocesan business, and only Archdiocesan business, is to be conducted through the designated ISP and on Archdiocesan Systems. Priests and others who reside permanently in their Archdiocesan workplaces, and who desire exclusively private Internet access for personal use, may establish individual Internet accounts with their own computers and ISPs through private telephone lines, so long as such accounts, computers, and phone lines are established with the User’s personal funds and in the User’s personal name.
C. PRIVACY/CONFIDENTIALITY #
Except as specifically set forth in this policy, all information, including E-mail messages and files, that is created, sent, or retrieved over the Archdiocesan Systems (including computers, telephone lines, and/or ISPs, or in connection with Archdiocesan work), is the property of the Archdiocese, and should not be considered private or confidential. Any such material, whether created by, sent to, or received by, the User, may be monitored; retrieved and reviewed at any time, when doing so serves the legitimate interests and obligations of the Archdiocese. For example, the Archdiocese will investigate suspected unauthorized or excessive use and suspected misconduct, or it may conduct periodic spot audits to assure compliance with this policy.
If an Archdiocesan investigation involves messages sent to or by, or information prepared by, a Priest of the Archdiocese, that Priest may request that another Archdiocesan Priest of his choosing be present when any such information is retrieved anc_ reviewed. If an Archdiocesan investigation involves messages sent to or by, or information prepared by, a member of a recognized labor union concerning a labor union matter, that member may request that the member’s shop foreman or other immediate union representative be present when any such information is retrieved and reviewed. Any rigl—t to have another person present at such a review is not to be construed as creating any expectation of privacy in any such material, or in any way as a veto or right to impede or obstruct the investigation.
D. ACCEPTABLE USES OF THE INTERNET AND E-MAIL #
Every User has the responsibility to maintain, enhance, and carry out the mission of the Church, and to use the Internet and E-Mail in a productive and morally acceptable manner.
Archdiocesan ISP accounts may be used for personal use only as authorized by a User’s supervisor as set forth in this Policy. Any authorized personal use of an Archdiocesan ISP shall be subject to the same conditions, including employer-inspection rights, as Archdiocesan work. In the case of non-exempt employees, authorized personal use shall take place only during scheduled work breaks or emergencies. In the case of exempt employees, authorized personal use shall not be excessive and/or carried on in a manner that disrupts employees’ work priorities and responsibilities. Internet access and E-Mail through Archdiocesan Systems are property of the Archdiocese, and their purpose is solely to facilitate Archdiocesan business.
Subject to the limitations contained in this Policy, including the Archdiocese’s right to inspection, a User may have access to the User’s private E-Mail or Internet provider through Archdiocesan Systems (including computers, ISPs, and/or telephone lines, or at the workplace). Such access shall be allowed only as expressly permitted by the User’s Department Head and Computer Systems Manager. The User’s Department Head shall allow access to such private services only at and for such times as is conducive to and compatible with effective and efficient performance of the User’s job duties, and may be limited as to scheduling or duration by the Department Head or by the Archdiocese.
E. UNACCEPTABLE USES OF THE INTERNET AND E-MAIL AND OTHER TECHNOLOGY #
Archdiocesan Systems may not be used to transmit, retrieve, or store any type of communication, message, image, or material:
- that is discriminatory, defamatory, or harassing;
- that contains derogatory or inflammatory remarks about an individual’s race, age, disability, religion, national origin, or physical attributes, or any other condition or status protected by Federal, State, or local law;
- that is obscene or X-rated;
- that contains abusive, profane, or offensive language;
- that involves “spam” or other means or forms of communication which abuse the privilege of communications or use the system irresponsibly; to that end, no message sent on an Archdiocesan system may be addressed to more than five (5) Archdiocesan E-Mail addresses without the express permission of the Department Head;
- that violates any policy of the Archdiocese of San Francisco, including, but not limited to, its policies regarding child abuse and harassment, or that is otherwise contrary to the religious mission and values of the Archdiocese.
Information traveling through the Archdiocese’s systems may not be secure. Therefore, Users are prohibited from sending or posting confidential or proprietary company information through the Internet or by E-mail without the express authorization of their Department Head. If a User’s work requires a higher level of security, the Computer Systems Manager should be contacted for guidance on methods to be-ter secure the exchange of E-mail or gathering information from sources such as the Internet. It is recommended that all E-Mail messages concerning Archdiocesan business, and. particularly where sensitive material or information is included, contain the following preprogrammed disclaimer:
THIS E-MAIL MAY CONTAIN CONFIDENTIAL OR PROPRIETARY MATERIAL FOR THE SOLE USE OF THE INTENDED RECIPIENT. ANY REVIEW, USE, DISTRIBUTION OR DISCLOSURE BY OTHERS IS STRICTLY PROHIBITED. IF YOU AFE NOT THE INTENDED RECIPIENT, OR AUTHORIZED TO RECEIVE THE INFORMATION FROM THE RECIPIENT, PLEASE CONTACT THE SENDER BY REPLY E-MAIL AND DELETE ALL COPIES OF THIS MESSAGE.
The Archdiocese’s systems also may not be used for any purpose that is illegal, against Archdiocesan policy, or contrary to the Archdiocese’s interests. Solicitation of nonArchdiocesan business or any use of the systems for personal gain is prohibited.
F. COMMUNICATIONS #
Each User is responsible for the content of all text, audio, and images that the User places into or sends over Archdiocesan Systems. In order to be able to identify the sources of information sent or received over Archdiocesan Systems, every User shall maintain unique individual identification information (such as, where relevant, passwords or access codes, etc.), which shall be made available to the relevant Department Head, who may use such information for appropriate business purposes. In the event that a dispute arises as to appropriate use by the Department Head of such identification or access information, the issue shall be decided in the sole discretion of the Archbishop or such person as the Archbishop may delegate. This identification and access information is not to be given to any third party without the approval of the User’s Department Head.
The Archdiocese, through the Archbishop or other person specifically delegated in writing by him, may override any applicable passwords or codes to inspect, investigate, or screen a User’s files and messages. In order to facilitate the Archdiocese’s access to information on its technical resources, a User may not encrypt or encode any communication or data stored or exchanged on Archdiocesan Systems without the express written permission of the User’s Department Head and the Computer Systems Manager, who will establish appropriate procedures for deposit of such information so that it can be accessed in the User’s absence. Archdiocesan computers and accounts are not intended for anonymous use. To preserve the integrity and viability of this policy, no electronic communication may be sent that hides the identity of the sender or indicates that the sender is someone else or is from another entity.
Nothing in this section should be construed as creating any privacy right or interest in any material stored by or sent through any Archdiocesan System.
G. SOFTWARE #
To prevent computer viruses from spreading through the system, anti-virus software shall be implemented on all Archdiocesan Systems. Users are prohibited from downloading software from the Internet, installing software on their computers, or uploading data, from any source, without the express approval of the Department Head and the Computer
• Systems Manager. Access codes, passwords, or other means of accessing software on Archdiocesan computers shall not be changed or altered without the express prior consent of the Department Head and the Systems Manager. All software that is downloaded or otherwise installed must be registered to the Archdiocese. Users should contact the Computer Systems Manager if they have any questions.
H. COPYRIGHTS #
The Archdiocesan Systems may not be used to transmit copyrighted materials that belong to any other individual, business, or organization, without the express consent of the owner of the copyright. The Archdiocese is committed to obtaining a lice-Ise for every copy of copyrighted software that Users need to perform their duties. Users must respect all copyrights and may not copy, use, retrieve, modify, distribute, or sell copyrighted materials.
I. VIOLATIONS #
Any use of the Internet or E-mail not in keeping with this policy is not acceptable and will not be permitted. Users are required to immediately notify their Department Head and the Computer Systems Manager in the event they become aware of security breaches (accidental or otherwise), viruses,’ “spam”, unsolicited obscene material, copyright infringements, hate mail or otherwise potentially violent communications, or any other use of the Archdiocese’s technical resource systems by anyone that involves a real or apparent unacceptable use, as defined in this policy. The failure to comply with this policy may result in disciplinary action, up to and including termination, and the Archdiocese may advise appropriate law enforcement agencies and officials of any illegal activities that involve Archdiocesan Systems.
J. ARCHDIOCESAN WEBSITES #
No materials are to be placed on authorized Archdiocesan websites without the prior approval of the User’s Department Head in regard to content and quality. The Computer Systems Manager should be consulted before any new website is developed. No Archdiocesan User or Entity shall engage as a vendor in any “E-commerce” without the prior written approval of the Archdiocesan Finance Director, and any related registration information shall be on file with the Finance Office.
K. AMENDMENTS TO THIS POLICY #
No amendments to this policy shall be valid unless approved in writing by the Archbishop.