Some of Ontario’s public servants, elected officials and political staff use instant messaging services and personal or political party email accounts, in addition to their institution-issued email accounts, while doing business.
It is important to note that records relating to an institution’s business are subject to the access and privacy provisions of the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), even if they are created, sent or received through instant messaging tools or personal email accounts.
The use of instant messaging and personal email accounts can create a number of challenges for institutions in meeting their administrative and legal obligations under Ontario’s access and privacy laws. The guidance document, Instant Messaging and Personal Email Accounts: How to Meet Your Access and Privacy Obligations was developed to help Ontario’s public institutions meet those obligations.
The IPC recommends that leaders of public institutions strictly control the use of instant messaging and personal email accounts for conducting business. If it necessary to use these tools, institutions must plan for compliance by implementing appropriate policy and technical measures to ensure that records are saved.
It is the responsibility of all institutions subject to FIPPA and MFIPPA to ensure that they are in compliance with those Acts, and to remember that access to information requests cannot be evaded by using instant messaging or personal email accounts.