Comments: Clergy Blue Files and Data Protection

It seems the document was updated in Nov 2017, stating "In spring 2018 there will be a new edition of this document to take account of changes introduced by the GDPR."

Posted by JayKay at Wednesday, 25 April 2018 at 6:16pm BST

I will comment later on the emails etc but first I must challenge his view that the Guidance is good. I think it is decidedly poor. Take the requirement to record baptismal certificate. If someone has undergone gender reassignment, because the Church won't replace these, it will necessarily reveal that the minister has undergone gender reassignment. If the minister has a Gender Recognition Certificate then, if the bishop allows a member of his staff to access the file he won't just breach the Data Protection Act (which in these circumstances prohibits even internal disclosures) but he may commit a criminal offence under s22 of the Gender Recognition Act. There are religious exemptions but they are not comprehensive.

I suspect if I parse the Guidance carefully there are all sorts of issues surrounding sensitive personal data. The 7th principle requires, for example, that both technical and organisational measures are in place to secure personal data. Organisational includes sufficient training and it is clear from the emails that the Guidance isn't meeting that obligation.

So I disagree with Colin. The Guidance is in my opinion (and it is a subject on which I have in the past provided professional advice to organisations) highly deficient.

Posted by Kate at Wednesday, 25 April 2018 at 8:00pm BST

Kate, I defer to your wisdom about the Guidance. I was judging it in comparison with other Church of England documents and statements - the letter by William Nye sent to TEC, for example, which is tendentious in the extreme. I look forward to your further parsing of the Guidance. I note that you describe it as highly deficient - things are worse than I thought.

Posted by Colin Coward at Wednesday, 25 April 2018 at 9:50pm BST

Colin, no worse perhaps than in many organisations but in a lot of places it does little more than copy the wording in the legislation. Compare it with guidance produced by, for example, the Equality and Human Rights Commission which interspersed the text with examples to make the guidance understandable.

Posted by Kate at Wednesday, 25 April 2018 at 11:13pm BST

There are several areas in the Guidance which concern me, but there is one glaring gap. It seems that bishops are the data controllers but there is a paucity of guidance on this, for example no guidance (unless it is elsewhere) on the responsibility to report breaches and, I would suggest, not enough guidance for a bishop to meet his/her responsibilities for security, including computer security.

Also, I checked the registrations of several bishops on the ICO register eg Durham and Norwich. They say they process the personal data of parishioners but don't mention processing the personal data of clergy

.

Posted by Kate at Thursday, 26 April 2018 at 12:11am BST

I always call mine a Study rather than an Office as we already have what's called a "Parish Office" housed in the stable block of the Old Rectory.

Posted by Father David at Thursday, 26 April 2018 at 4:32am BST

There is a new version which was agreed by the House of Bishops in November 2017. There is also new guidance on DPA/GDPR which is currently in preparation. However, the sheer wrongheadedness, woodenness and stupidity of some of the comments by bishops' chaplains in the stuff leaked by Colin Coward is jaw-dropping. They clearly need some training!

If operated properly, the Guidance is fit for purpose,and works well with the DPA and the ICO Guidance on subject access requests. When the full suite of material that will bring all the documentation into line with GDPR is in place, I hope that Bishops' Chaplains will receive some proper training on blue files and compliance. It's a question I shall be asking!

Posted by Pete Broadbent at Thursday, 26 April 2018 at 7:53am BST

One thing that is missing from this guidance (if I have understood it correctly) is the question of *who* is authorised to generate 'data' for a cleric's blue file - and what is the criteria for its inclusion in blue files?

For example, I arrive in Diocese A from Diocese B, and the file is passed on in the usual way. But, after some time in Diocese B, the Bishop of Diocese C (who knew me when I was a student some 25 years previously), writes to the Bishop of Diocese B, offering his opinion of my character and warning Bishop B that I might be prone to this-or-that. Does this letter go on file? And, if it does, is it an example of what happens when one of the emails admits 'I simply take out of the Blue File anything that is not the priest in question's data'?

Put simply, what so-called 'soft' information (for which the Church is notorious) is in a priest's blue file, that the Bishop and his staff have seen, but the priest in question never will? And, if I know it is there, but am not seeing it, what do I do? More to the point, what action can be taken against the person who originally generated this 'hidden' data?

Posted by Paul Jamieson at Thursday, 26 April 2018 at 8:58am BST

There are three answers to Paul Jamieson's questions: (a) Yes; (b) that would be an ecumenical matter; and (c) I'm really so very sorry... but it's 'out of time'!

From what I'm picking up on the grapevine, those who have served in the Sherborne Episcopal Area in a previous era should be asking to see *everything* in their blue file - especially any 'notes' that might have been included. It would seem that not every bishop is as transparent as Pete Broadbent.

Posted by Will Richards at Thursday, 26 April 2018 at 11:08am BST

Paul, headteachers do the same with teachers
Very often something bland is sent in writing 'for the file' but anything more than that is revealed over the telephone.

Posted by Kate at Thursday, 26 April 2018 at 11:10am BST
Post a comment









Remember personal info?






Please note that comments are limited to 400 words. Comments that are longer than 400 words will not be approved.

Cookies are used to remember your personal information between visits to the site. This information is stored on your computer and used to refill the text boxes on your next visit. Any cookie is deleted if you select 'No'. By ticking 'Yes' you agree to this use of a cookie by this site. No third-party cookies are used, and cookies are not used for analytical, advertising, or other purposes.