COCHRANE – Cochrane is making changes after a third-party audit uncovered serious confidentiality breaches.

Investigative Risk Management (IRM) found unauthorized access to closed meeting recordings, the improper sharing of legally privileged information, and major failures in records management among senior staff and some council members.

According to a summary of the investigation, concerns about records management and confidentiality first surfaced in December 2024 after the clerk’s department found records were not being properly managed and that access controls for closed meetings recordings were not functioning properly.

The investigation summary was tabled at a March 10 council meeting, where Coun. Sylvie Charron-Lemieux voiced her concerns.

“I just want to put this out there because all of these conversations happened in closed so far, I still think we didn’t go far enough with this investigation,” she said.

There were no further comments or questions from council.

The municipality says the senior staff members are no longer working there.

In a statement, Mayor Peter Politis said council is taking the situation seriously and is committed to restoring public confidence.

“Our residents expect and deserve a high standard of governance,” he said in a March 25 news release.

“We intend to continue to undertake the difficult choices required to not only meet the expectation but exceed it.”

TimminsToday reached out to the town for further comment and has not received a response.

For the investigation, IRM, a Barrie-based workplace investigations firm, was helped by MNP Canada, which provided forensic data analysis.

According to the audit, people invited to closed, in-camera council meetings kept access to full recordings after the meetings ended.

It states the issue was discovered after confidential information discussed during closed sessions appeared to be referenced by people who were not authorized to access it.

Confidential information from closed meetings was allegedly shared verbally among staff and council members who were not authorized to receive it.

Those discussions included sensitive topics such as staff discipline, labour negotiations, organizational restructuring and ongoing legal matters.

In some cases, confidential records were forwarded from municipal email systems to personal email accounts, exposing internal communications and legal strategies to individuals involved in legal disputes with the town.

The audit summary shows investigators reviewed electronic records dating back to mid-2023 and identified 362 emails that were potentially in breach of town policies.

Those breaches included sharing confidential information with unauthorized individuals, forwarding municipal emails to personal email accounts, and using personal email addresses to conduct official business.

The report notes there was no evidence that any of the breaches resulted in personal or financial gain.

“However, it was noted that certain information contained within these emails could potentially be used for personal advantage under specific circumstances relating to certain members,” the report reads.

Sensitive documents were also stored across multiple platforms without consistent procedures, creating legal and operational risks for the municipality.

“Despite concerns having been brought to the attention of members of senior staff at the town, no actions were taken to remedy or address the situation,” the report reads.

The audit summary also found municipal governance policies were outdated — some dating back to 2009 — and that several members were either unaware of the policies or had never read them.

Investigators also noted the town relies on a single IT staff member and that some physical records are stored in the basement of town hall, highlighting additional challenges in managing records securely.

The town or the audit summary did not disclose how many staff or council members were involved in the breaches.

The municipality is making changes, including limiting access to closed-session recordings, with only the clerk and deputy clerk able to access them.

It’s updating its records management system by digitizing and securely storing documents, and reviewing polices related confidentiality and record access.

Mandatory training on confidentiality and records management will be required for both staff and council members. New electronic security protocols will also be introduced to better control access to sensitive information.

IRM’s recommendations included strengthening governance, records management and security practices within the municipality.

Those recommendations included updating outdated policies related to confidentiality, email use and electronic devices, and ensuring those policies clearly apply to both staff and council members.

The report also recommended establishing formal onboarding processes to ensure all members understand and follow municipal policies, improving training on records management systems, and developing standardized security measures for all town-issued equipment.

Investigators further recommended securing a dedicated server to better protect sensitive data and increasing IT support capacity to improve oversight of the municipality’s technology systems.

---

You can support trusted and verified news content like this.

FIPA’s news monitor subscribers, donors and funders help make these available to everyone rather than behind a paywall. We appreciate every contribution because it makes a difference.

If you found this article interesting and useful, please consider contributing here.

---

Learn more about our News Monitoring here.