EMAIL & FIPPA
Email is increasingly used for conducting University business and is viewed as a University record.
Records in the custody and control of the University are subject to the public right of access in the
Freedom of Information and Protection of Privacy Act (FIPPA). The following best practices are to
help the University community use and manage their email in a manner consistent with the
requirement of FIPPA.
1. Email is not confidential. Even if your email is not subject to FIPPA it can be forwarded
and lead to the unintended disclosure of personal information or confidential information.
Be cautious with the information you send or forward and what you attach.
2. Whenever possible don’t use email to communicate confidential or sensitive information or
personal information. Email that is sent outside the University network is particularly
3. If you must communicate sensitive information electronically consider using a document
sharing service, like Qshare, that requires users to authenticate their identity to obtain
access. If you must communicate sensitive information by email verify the email addresses
of all recipients, use the “reply” rather than “reply all,” include a confidentiality statement
at the bottom of your email, and remove as much personal information as possible.
Consider password protecting files sent by email and asking the recipient to telephone you
for the password.
4. Take care with the content of your email to ensure that you are using appropriate
language, style, and subject matter so that disclosure of your email won’t embarrass you.
5. Email bears University identifying marks. Use the same care with it as you would with
6. Some information is likely to be subject to FIPPA and warrants special care. Emails that
relate to the conduct of University business (other than research or teaching), for example,
your services on a Senate committee, emails that initiate, authorize, or complete a business
transaction, and emails that document or record a decision making process may be
released under FIPPA.
7. Some information is likely outside of the scope of FIPPA, for example, personal emails,
birthday announcement, lunch plans, and emails that relate to research or teaching.
8. Reduce duplication wherever possible. Don’t keep a printed copy and an electronic copy
of the same email. As long as the content of the record is identical, the medium the
information is recorded in is irrelevant.
9. Don’t over distribute your emails. Think about the distribution lists on your email. Over-
distributed emails clutter inboxes and create unnecessary copies of emails.
10. Use concise but informative subject lines. This will help the recipient and may help the
Access & Privacy Coordinator if she is looking for emails responsive to a FIPPA request.