Geoffrey Blanc is the General Manager of Terrebonne, Quebec-based Cyberimpact, a Canadian email marketing platform used by businesses, public organizations, and nonprofits across the country. He has more than 10 years of experience leading teams, running software-as-a-service operations, and working on email deliverability and compliance.

Canada is investing billions to modernize public services. Governments are upgrading cloud infrastructure, strengthening identity systems and funding digital platforms designed to improve speed, access and reliability for citizens. 

On paper, the strategy appears sound. 

In practice, one of the most heavily used pieces of digital infrastructure remains largely overlooked: email.

Every day, governments rely on email to verify identities, reset credentials, deliver benefits, issue compliance notices and communicate during emergencies. These messages move sensitive personal data at scale. Yet email rarely receives the same governance review as core digital systems.

That gap is larger than many policymakers assume.

I have spent nearly 20 years building and managing digital systems used by governments, universities and public institutions. Through my work as General Manager at Cyberimpact, I have observed that, when incidents occur, they rarely start inside secured applications or hardened infrastructure.

They start in inboxes.

A familiar scenario plays out across Canada.

A public agency launches a new digital service. The application passes security review. The hosting environment meets compliance standards. The project is delivered on time and under pressure.

But the email platform that supports that service is treated as a utility rather than infrastructure. It is procured quickly, often bundled with other tools, and governed under a different set of assumptions.

Months later, citizens receive phishing emails that look identical to legitimate government messages. No internal system is breached. No database is hacked. Yet trust erodes overnight.

The technical failure is small. The reputational cost is not.

Research consistently shows that trust is fragile in digital interactions. Eighty-seven percent of Canadians say an organization’s reputation for handling data affects whether they engage with it. When communication channels fail, confidence in the institution fails with them.

This creates a contradiction in Canada’s digital government strategy.

We invest heavily in front-end services and back-end systems. We fund innovation through research programs, modernization grants and public procurement reform. Yet we underinvest in the communication layer that connects those systems to people.

Email is not a technical issue, it’s a governance problem

Email sits at the intersection of technology, policy and behavior. That makes it uncomfortable to govern. It is not purely an IT problem. It is not purely a communications problem. It is a trust problem.

Most procurement frameworks still evaluate email platforms based on cost, features or ease of deployment. Hosting location may be reviewed. Legal control and operational access often are not.

This distinction matters.

A platform can store data in Canada while remaining subject to foreign laws, foreign access or foreign operational control. From a citizen's perspective, that difference is invisible. From a governance perspective, it is critical.

When inboxes are governed outside Canadian jurisdiction, public institutions lose practical control over one of their most sensitive trust channels.

This is not an abstract risk. It shows up in measurable ways.

Phishing campaigns increasingly target email because it remains the easiest path to impersonation. Inbox providers rely on trust signals to determine what gets delivered. When those signals weaken, legitimate messages are filtered or delayed, while malicious ones slip through.

The result is a slow erosion of confidence. Citizens stop trusting what arrives in their inbox. They hesitate to click, respond or comply. Digital services become less effective, not because the service failed, but because the communication layer did.

For a country investing heavily in digital transformation, this is a governance blind spot.

Research and innovation policy often focuses on building new systems. Less attention is paid to maintaining trust in existing ones. Yet trust is cumulative. Once it is lost, it is expensive to rebuild.

Email should be treated as critical trust infrastructure.

That means applying the same questions we ask of other digital systems:

• Who owns the platform?
• Which laws apply to the data?
• Who has operational access?
• How is consent managed and audited?
• What accountability exists when something goes wrong?

These are not technical details. They are policy decisions.

They shape how citizens experience government, influence whether people believe digital services are safe to use, and affect long-term adoption of innovation across the public sector.

Where Canada can set a new precedent

Canada has a clear opportunity to lead.

Privacy and data protection already sit at the center of public policy. Governments invest heavily in research tied to ethical technology, responsible AI and citizen-focused service design. Communication infrastructure belongs within that same scope.

That requires treating email as critical infrastructure, not a low-risk utility.

For decision makers, the next steps are straightforward:

1. Include email platforms in formal security and governance reviews as part of core system architecture.
2. Assess legal control alongside the hosting location. Data residency without jurisdictional clarity leaves gaps.
3. Align procurement criteria with trust outcomes, not just cost. Lower upfront pricing often increases long-term risk.
4. Connect research, policy and operations. Insights from digital trust research should inform procurement standards and implementation practices across government.

Digital government does not succeed because systems are fast or modern. It succeeds because people trust the messages they receive.

Trust is built where people communicate.

If Canada wants its digital investments to deliver lasting value, it must govern the inbox with the same seriousness as the systems behind it.

R$