E-Mail and Access to Information and Privacy Protection
Did you know that e-mails are subject to Access to Information and Protection of Privacy legislation? So are photographs, maps, video recordings and any information in an electronic format, including e-mail.
Rosemary Thorne, Memorial’s Information Access and Privacy Protection (IAPP) Coordinator, receives official requests to the University under the Access to Information and Protection of Privacy (ATIPP) Act. ATIPP requests are handled in accordance with the legislation and, from time to time, email records, like any other document produced by employees in carrying out their work responsibilities, may be sought in response to a request.
According to the IAPP Coordinator, “With only a few exceptions, like research data, for example, any record in the custody or control of the University can be requested in an ATIPP request.” Disclosure of records to an ATIPP applicant is subject to exceptions in the ATIPP Act and nothing would be disclosed without consulting the office having custody or control of the record(s) in question.
This tip, plus other material about information access and privacy protection is available on Memorial’s IAPP web site: www.mun.ca/iapp. The recently-launched site sheds light on freedom of information legislation and privacy laws. The FAQs section answers questions like, “How much will it cost to obtain personal information about myself?” and “Can student grade lists be posted?” The Resources section contains general information on privacy, plus resources for administrator, and links to information access and privacy protection advocates worldwide.
As to e-mail being subject to ATIPP requests, the IAPP Office recommends that all employees treat their email correspondence as they would other forms of correspondence. “People tend to treat email casually. The writing and presentation in email may be informal and the tone may be more plain-spoken or less neutral than would be the case in other forms of communication,” said Ms. Smith. As a result, employees may find the prospect of disclosing their email in response to an ATIPP request awkward or discomfiting.
If you are concerned about your email being disclosed, the best advice is to practice good records management techniques:
- treat your email professionally
- delete transitory email (advertising material, spam, duplicates if a master version is kept in an official file, routine notices or messages and other records having short-term or no value once you are finished with them)
- separate personal content from work-related content
- stick to the same focused subject in your email
- protect people’s privacy – avoid sending personal information (of employees, students, or others) by email
While e-mails are a valuable and versatile tool, they also carry privacy risks, since an email containing someone’s personal information can be inadvertently disclosed to people who are not authorized to receive it. Another of the resources available on the IAPP website is “Guidelines for Using Personal Information in Email and Faxes.”