Proof of email server receipt = proof of receipt of FOI request

The ICO has decided in decision notice FS50559082 (yet to appear on the ICO’s website, so for now check the annotation on WhatDoTheyKnow) that server logs indicating receipt by a public authority’s email server constitute persuasive proof that the authority received the request.

12. The Commissioner notes that there is evidence to show that around the period the request was made the Cabinet Office was having difficulty receiving emails from the Whatdotheyknow site. However, the Commissioner was given confirmation from the Whatdotheyknow website that the request in this instance was received by the Cabinet Office’s email servers.

13. The Commissioner considers that there is sufficient evidence to show that the Cabinet Office had received the request on the date it was sent by the complainant.

In this case, the Cabinet Office’s email MX server in receipt of the email i by Symmantec’s “Message Labs” cloud-based email security platform. It is possible that the request was lost in Symmantec’s system and not the Cabinet Office (perhaps falsely classed as spam.)

WhatDoTheyKnow always keep email server logs (barring any exceptional technical problems) and so administrators are always able to prove the authority’s receipt of the request. (We have suggested that this information should be directly available to our users.) Similarly, my website hosts (Penguin UK) keep email server logs for a limited period and customers can get a copy of the log entry in question. I should imagine that other hosts using CPanel should offer the same facility.

When making FOI requests by email (or perhaps even when making subject access requests), requesters may wish to get and keep a copy of the mail server log proving the body’s receipt of the request – particularly where the body doesn’t issue automatic acknowledgements of such emails and/or has a …. patchy record of compliance with the Act, like the Cabinet Office.

H/t JT Oakley / @jatroa for pursuing this issue.