On November 7th, the Newfoundland and Labrador Supreme Court issued an access to information decision with some notable points.
First, the Court held that a public body validly redacted file path information from a document set based on the security of a computer system exemption to the public right of access. The public body adduced good evidence that the paths could be used by threat actors to (a) randomly generate usernames amendable to brute forcing or similar attacks (b) identify domain administrators, and (c) map the network, all creating a real and non-speculative risk of attack. The finding is based on the evidence, but there is nothing unique about the the risk that the Court recognized.
Second, the Court affirmed a decision to apply the privilege exemption based on a solicitor-client privilege claim and despite a dispute between the public body and the Newfoundland Information and Privacy Commissioner about the scope of the so called “continuum of communication.” The Court held the following communications were within the protected continuum:
- E-mail messages between non-lawyers that were subsequent to the direct giving and receiving of legal advice about “process and timing” (and up the e-mail thread).
- Drafts of documents known to be subject to editing by legal counsel and from which “an informed reader could readily infer what legal counsel had advised.”
- Notes, questions and references in documents made by an individual who gave evidence that she received legal advice in relation to all the notes, questions and references.
This finding is as sound as it is protective in my view.