email

B.C.’s Office of the Information Commissioner has completed a damning investigation of three separate government departments. It found abuses and mistakes in three broad areas that contributed to a breach of privacy laws, and has made several recommendations for the B.C. government to improve its email retention practices.

Deliberate deletions

The first concerned the deliberate deletion of emails that should have been kept as a matter of government record. The Ministry of Transportation had received an access request last November concerning meetings that had been held in June and July 2014, concerning missing women along Highway 16 (often called the Highway of Tears).

Former ministerial executive assistant Tim Duncan alleged that ministerial assistant George Gretes had deleted relevant emails from his mailbox.

The Commissioner found it “more likely than not” that staff had indeed deleted pertinent emails on Duncan’s machine, after examining forensic evidence. Gretes also admitted that he had ‘triple deleted’ emails in the past. The case has now been referred to the RCMP for investigation.

The failure to properly retain and retrieve emails was a contravention of the Freedom of Information and Protection of Privacy Act (FIPPA), said the Commissioner.

Inadequate backups

Another breach in policy made it difficult for the Commissioner to carry out this investigation. The Commissioner’s office asked the Ministry to restore Duncan’s email account to assist with the investigation, hoping to find the original content of his inbox and deleted items folders there, but the Ministry said that it could not, because it did not have the backups.

“This lack of monthly account backups was a significant limitation in this investigation,” the report said.

The BC Government uses 24 Exchange servers to hold its email. Daily backups are kept for 31 days, and monthly backups are held for 13 months. When emails are deleted once, they are moved to a ‘deleted’ folder. If deleted again, (a ‘double delete’), they go to a ‘recover deleted’ folder. A triple delete removes it completely from the government system.

When the Commissioner’s office tried to recover Duncan’s files from monthly backups, it found that there were none.  The Government had migrated to new servers in a process originally estimated to take under a month. Consequently, it ordered its backup provider not to perform a monthly backup during this period, relying instead on daily ones.

The migration eventually took eight months in total, and so monthly backups were not made for this period. 48,000 mailboxes were left without backups, the report revealed.

The Transportation case bought to light irregularities relating to two other access requests, the first at the Ministry of Advanced Education (AVED), and the second at the Office of the Premier, Christy Clark.

Inadequate searches

In the AVED case, emails between the Minister and his Chief of Staff were requested in July 2014. The Minister produced extensive emails, while the chief of staff did not, even though pertinent emails were later found in his account. The chief of staff said that he had searched for the emails, but couldn’t find them, even though investigators found them in his account.

“Whether the chief of staff intended to wilfully disregard this access request is not clear. What is clear is that this is an instance where the Ministry of Advanced Education is in contravention of s. 6(1) of FIPPA because, at best, the chief of staff conducted a negligent search for responsive records,” the report said.

Misclassifying records

The other case, at the Premier’s office, highlighted another long-standing problem with processing freedom of information requests.

The Commissioner found the procedures for managing information requests within the Premier’s office to be flawed. The Freedom of Information officer there typically verbally relayed requests, and would only keep information about who had been asked for records on a sticky note.

The other issue records management: interpretations of which records are important. Emails are regarded as either transitory (working drafts and duplicates), and non-transitory (everything else).

The deputy chief of staff at the Premier’s office was asked for all emails sent from her account during several days in November 2014, but had none. All of her records were triple deleted.

She disclosed that she interpreted most records as transitory. “This practice creates a scenario where she will almost never have a sent email that is responsive to an access request,” the report said.

Recommendations

The Commissioner made several recommendations to the B.C. Government. The Ministry of Technology, Innovation and Citizens’ Services (MTICS), which is responsible for handling government messaging services, should provide written directions for hourly, daily and monthly data backups.

Indeed, government should create a legislative duty to document its record keeping, and keep accurate records, the report said, adding that government officials should monitor the process to ensure compliance.

Government employees should undergo mandatory records management training, and there should be independent oversight of information management requirements, it added.

The B.C. government should clarify access requests, so that interpretations of the requests are not too narrow, which could otherwise lead to information being withheld.

Government should also configure the settings in Microsoft Outlook to stop employees removing items from the Recover Deleted Items folder, and these emails should be held in the folder for a little over a month, so that they will be captured in monthly backups.



Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now