The City of Victoria has confirmed the existence of a fourth privacy breach involving Victoria Councillor Ben Isitt’s email access that occurred in 2020, moving back the timeline over which a series of repeated privacy breaches relating to Isitt’s email practices have taken place in 2020 and 2021.
“…the Red Cedar Café privacy breach occurred in 2020,” City of Victoria Head of Engagement Bill Eisenhauer replied when asked for comment in relation to information contained in a letter authored by a City of Victoria privacy analyst and obtained by CFAX 1070.
The newly obtained letter is dated January 14, 2022, and was sent the day following the broadcast of CFAX 1070’s coverage of three confirmed privacy breaches in 2021 involving Isitt’s councillor email access and provisions of the Freedom of Information and Protection of Privacy Act (FOIPPA). The new letter contains seven recommendations intended to prevent future privacy breaches from occurring.
“The City conducted and has concluded privacy breach investigations in response to the incidents of emails sent by Councillor Isitt regarding the Red Cedar Café, the City budget on November 17, 2021 and Councillor’s Isitt’s work as a councillor on December 14, 2021,” the document reads. Privacy breaches were found to have occurred involving the use of email addresses that had been improperly collected without consent through Isitt’s access to council emails.
The City of Victoria has already acknowledged the existence of a privacy breach involving Isitt’s non-consensual publishing of the personal information of a multiple sclerosis advocate during a twitter dispute in early 2021 after she criticized Isitt’s dual participation in a meeting of Victoria council’s Committee of the Whole while Isitt was also overseeing a delivery at the Red Cedar Café Community Care Kiosk in Beacon Hill Park. Isitt later revealed to the public that he had founded the Red Cedar Café non-profit earlier in the pandemic but had avoided public association with Red Cedar for fear of politicizing its services, which were funded in part by substantial amounts of public money. However, the 2021 Red Cedar incident is not the same Red Cedar incident referenced in this newly obtained document.
The letter references the “2020 Red Cedar Café” email incident in the third of seven recommendations proposed to prevent future privacy breaches under “FOIPPA,” the Freedom of Information and Protection of Privacy Act:
“3. That Councillor Isitt no longer disseminate emails that are not about his work as a councillor with the City of Victoria. For example, the 2020 Red Cedar Café and the December 14th electioneering email did not comply with FOIPPA even if the correct consent was obtained by all recipients.”
While the City has not confirmed the precise date upon which the email that caused the newly confirmed privacy breach was sent, CFAX 1070 has obtained an email sent by Isitt May 4, 2020 in which Isitt advises the recipient that he is “volunteering” with a new non-profit. The email solicits recipients for financial donations that can be sent by e-transfer or by cheque to Red Cedar Cafe's initial 2020 location on Johnson Street, but it also includes Isitt’s physical mailing address at Victoria City Hall.