E-mail system confounds sender, discloses safety worries

A Statistics Canada employee complained that his supervisor’s e-mail branding him violent and a threat to others’ safety was an improper use and disclosure of his personal information. The e-mails between the supervisor and a human resources officer were available to all staff on the agency’s internal network for five weeks.

The complainant had filed a harassment complaint against his supervisor. The e-mails discussed the supervisor’s concern that the employee could become violent if given copies of her and other employees’ witness statements about the harassment complaint.

Statistics Canada investigated the complaint as a possible breach of both its internal security and privacy policies. The agency’s e-mail system allows users to designate their e-mails as normal, personal, private or confidential; however, the Document Management Centre (DMC), which administers and maintains the electronic communication systems, does not routinely capture the designation.

The disputed e-mail was sent through the DMC using the Agency Messaging Options which offers a “Complete Send” or, if senders select the “Options” function, two other possibilities. Senders can select an “Accessibility Option” which allows them to determine the message’s level of security and distribution, or the “Access Restriction Option” which allows a “read only access”. Senders can also tell the DMC what level of access they want. However, they will only be aware of these choices if they select the Options function at the outset.

The supervisor had attempted to classify her message by flagging it “Private” or “Confidential” through Microsoft Outlook. She had not understood that she also needed to flag it as “Protected” for the DMC. The DMC procedures require its classifiers to check the header information, analyze the contents, check the security level and verify with the sender if the security is unclear. The message is then sent to appropriate recipients.

Two factors contributed to the inappropriate disclosure; the supervisor’s misunderstanding of the system’s method of controlling access—disclosure was not intentional, and the DMC’s failure to properly classify the message before putting it on the system.

Following the complaint investigation, Statistics Canada issued agency-wide instructions on assigning security levels to e-mails. The agency is also considering having DMC personnel staff review any Outlook e-mail that is flagged with security designations before putting them in the database. Longer term, StatsCan will review the DMC’s workings and protocols on personal information and report progress to the Office.

The Office concluded that the complaint was well-founded but, given the work underway on the e-mail system, the Office need take no further action.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: