Federal Privacy Commissioner on Bill c-27 news release.

Report into the 2021 cyber attack on Newfoundland health information systems released.

Privacy Commissioner of Canada announced his office is launching a joint investigation into OpenAI

Federal Privacy Commissioner launches new guidance on workplace privacy

Cybersecurity: Best Practices for Setting Up a Security Operations Centre

Alberta IPC finds risk of significant harm from stolen server.

Updates to Chapter 3 for the Guide to FOIP and the Guide to LA FOIP are now available!

Steps for effectively deploying multi-factor authentication.

Concerns about AI


What about the email attachments?

July 14, 2021 - Danielle Malach, Analyst

The majority of the time, records related to communications between parties are now in the form of emails. These may be single emails, or an email thread comprised of a number of emails between different parties. In some cases, the emails or email threads may contain attachments.

Unless the applicant has indicated they are not interested, the public body or trustee should treat email attachments as responsive to the access to information request. In Review Report 297-2019, the Commissioner determined that when the public body provided a copy of the responsive record, it did not include an attachment to an email. In that Report, the Commissioner indicated that public bodies should ensure all responsive records are identified. In Review Report 381-2019, the Commissioner noted that, “it is important that when public bodies are identifying records responsive to a request, it also identify any attachments to emails.”

This is straightforward if it involves a single email or is visible in the most recent email of an email thread. If attached to earlier responses within an email thread, the email header information may not show the attachment. In these cases, when reviewing the record, keep your eyes open for other evidence of attachments otherwise hidden.

Additionally, if public bodies are trying to make a prima facie case that solicitor-client privilege applies by providing an affidavit of record, it must ensure the affidavit of record identifies all records it is claiming solicitor-client privilege over, including attachments. As my office does not review the records in these cases, my office would not have the ability to identify emails where there was an attachment. This is why it is imperative that the public body’s affidavit of record identify any attachments to emails.

To help ensure that public bodies or trustees provide email attachments, it needs to have appropriate records management practices in place. As referenced in Review Report 007-2019 at paragraphs [24] and [25], public bodies should not use its email accounts as a means of storing its emails. Public bodies should provide employees with appropriate guidance on the proper storage and management of any emails received. This includes guidance on regularly saving official government records to their appropriate location in the public body’s filing system or electronic document management system. Public bodies should ensure that email records, including any attachments, are stored and managed in a consistent manner as with all other official government records. Ensuring all records are stored and managed appropriately will assist FOIP Coordinators when undertaking a search for records responsive to a request.

Categories: Blog

Back to Blog