Information Technology Protocol
INFORMATION TECHNOLOGY PROTOCOL
COUNCILLORS
- INTRODUCTION:
There are many benefits to IT but the increased flexibility inherent in the use of IT facilities leads to increased personal responsibility for the users to ensure that it is always used within appropriate guidelines. This policy is designed to reduce the risks and to protect Councillors, the Town Council and its information.
This policy is in place to inform Councillors on the appropriate use of the Council’s IT facilities and provides information on the types of use that may be considered inappropriate.
This Policy applies to all elected Councillors of Knowsley Town Council and should
be read alongside the Code of Conduct for Elected Members.
Councillors must be aware that non-compliance with this policy may place the
Town Council’s IT infrastructure and data at serious risk and may be referred to
the Monitoring Officer and/or Standards Committee. In certain cases where a criminal offence is suspected, this may be referred for investigation by the police.
- GENERAL PRINICIPLES:
The general principles apply to ALL aspects of the use of the Town Council’s information technology. They should be read and understood by all Councillors using any aspect of the Town Council’s information technology provisions.
Offensive and/or inappropriate content:
Councillors MUST:
- Notify the Monitoring Officer/Deputy Monitoring Officer if they receive any form of electronic communication that they consider to be or could be interpreted as
unlawful, offensive or inappropriate.
- Consult the Monitoring Officer/Deputy Monitoring Officer if they are unclear
about the appropriateness of any material.
Councillors MUST NOT:
- Communicate material (either internally or externally) which may be considered
defamatory, obscene, racist, or which could reasonably be anticipated as
inappropriate or offensive.
- DATA PROTECTION AND FREEDOM OF INFORMATION:
Councillors MUST understand that emails and other forms of electronic communication may be considered to be recorded information from the Town Council and could be subject to disclosure to third parties under the Data Protection Act 1998 or the Freedom of Information Act 2000. Even if emails are deleted, they are recoverable for up to 12 months through IT backups and can be stored for subsequent disclosure and evidence.
Councillors MUST:
- Comply with the data protection principles, which include a requirement that
computer systems are secure.
- Maintain the same standards of confidentiality when working on documents
or material in the workplace or elsewhere (including at home).
- Ensure that any electronic data authorised to be shared with a third party is
undertaken in a secure manner.
Councillors MUST NOT:
- Store any data on unencrypted portable/removable storage devices
(including laptops, USB drives etc)
- Allow third parties to access any Town Council information without confirming
that they are authorised to have such access.
Virus Transmission:
Councillors MUST:
- Report any suspicious messages and/or files received.
Councillors MUST NOT:
- Transmit by any electronic means any message, files or attachments which they know or suspect to be infected by a virus.
- Forward virus warnings (unless requested to do so).
Copyright:
Councillors MUST:
- Ensure that any material used from the internet or other sources complies with copyright and other relevant legislation.
Councillors MUST NOT:
- Use the Town Council’s IT facilities for unauthorised copying or retransmission of recordings from whatever media that may infringe copyright.
Breach of Confidence:
As material can be easily forwarded and copied by the user of IT facilities, a breach of confidence may be more likely to arise.
Councillors MUST have in mind the Council’s Code of Conduct for all elected members when dealing with confidential information. Councillors MUST seek guidance if they have doubts about the use, sharing or transmission of confidential information.
Councillors MUST NOT:
Supply the Town Council’s bank details to any person or organisation without prior written authorisation from the Council. This includes all aspects of e-commerce.
Contractual Relations:
Provided that an external party reasonably believes that an elected Councillor has the authority to negotiate, or enter into an agreement, then the Council will be bound by the elected members’ actions. Emails and other electronic communication made by an elected member can be acknowledged as originating from the Town Council; therefore, recipients will in most cases be acting reasonably if they assume that they are sent with the Town Councils authority.
Councillors MUST exercise care when using electronic communication with external parties and ensure that they are authorised to enter into any actual or implied contractual agreement.
Obscene Material:
The publication of obscene material is a criminal offence. The definition of “publication” includes electronic storage or transmission of material and therefore members must not publish such material.
Personal Use:
Councillors MUST:
Comply with copyright, data protection and other relevant legislation if using Town Council IT facilities for personal matters.
Councillors MUST NOT:
- Undertake any actions using Town Council IT facilities (i.e. Town Council email address) which may bring the Council’s name into disrepute.
Under any circumstances use Town Council IT facilities in relation to any private or third party business.
- Use Town Council IT facilities in relation to personal work with charities (e.g. youth organisations) without prior written approval.
IT Access:
Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use.
Usernames and Passwords:
Councillors MUST:
- By default assume responsibility for all actions undertaken on a computer when their username and password has been used that they must keep the password secure and confidential.
Councillors MUST:
- Use a strong password containing characters and a mixture of upper and lower case letters, numbers and special characters for prime network logon and for any other application where a complex password is supported.
Councillors MUST:
- Use a strong password that is designed in such a way that it is unlikely to be detected by people who are not supposed to know it. Members should change their passwords on a regular basis and notify the Clerk of the Council of the change of password or if they suspect that their password has been compromised.
Councillors MUST:
- Only use secure and approved means for remote connection to the Town Council’s IT facilities.
Councillors MUST NOT:
- Use the same password for business and personal matters.
Use a weak password that is easily discovered, or detected by people who are not supposed to know it.
Write their password down or share their password with anyone else.
Use another person’s username or password to gain access to the Town Council’s IT facilities.
Use the “remember password” function or store passwords on an unencrypted computer.
Connect any non-council owned devise to the Town Council’s IT facilities without prior written authorisation.
Councillors MUST:
- Use a screen saver lock if they are working away from their computer.
- Log out from active applications during periods of absence.
- Shut down the computer at the end of the normal working period.
Councillors MUST NOT:
- Leave any portable electronic devises unattended, unless secured by an
appropriate locking mechanism.
- TOWN COUNCIL EMAIL SERVICES:
Email is now an essential business tool. It must be used in an appropriate manner to ensure that correspondence is sent and stored securely and is compliant with relevant legislation and security standards.
Email is provided for Councillors for business use, guidance on such use is set out below.
Councillors MUST:
- Ensure that all use of the Town Council’s emails conform to agreed standards
and security requirements.
- Understand the general principles for the use of IT.
- Have regard for the legal considerations outlined in the general principles above prior to sending emails.
- Seek advice regarding the sending of emails that contain personal, sensitive or confidential information outside of the Council’s secure email service.
- Comply with the Data Protection Act for any data being transferred.
- Ensure that all recipients of an email are entitled/authorised to view the contents.
- Seek advice if they have any queries relating to the business use of email.
Councillors MUST NOT:
- Send or forward emails to people if they are unsure that the recipient is entitled or authorised to see the content.
Use Council email facilities for the transmission of unsolicited commercial or advertising material, chain mail or other junk mail of any kind to colleagues or any other organisation.
Create or transmit material which could bring the Town Council, Members, Staff or Partners into disrepute.
Send emails to large distribution groups without authorisation.
Personal Use of Town Council Emails.
Knowsley Town Council recognises that there may be a small number of occasions where Councillors may wish to use their Town Council email address for personal correspondence. This may be permitted on occasion. However Councillors MUST
be aware that all such emails will be subject to the same monitoring as business emails and are recoverable for up to 12 months after deletion.
Councillors MUST:
Undertake personal use in their own time.
Ensure that such use is lawful and complies with the Town Council’s other policies.
Ensure that personal use does not have a negative impact on the Town Council, Members or Partners.
Add the following: “This email is personal. It is not authorised by, or sent on behalf of Knowsley Town Council, its members or staff. This email is the personal responsibility of the sender”
Councillors MUST NOT:
- Conduct any form of private or third party business using the Town Council’s email services.
- Use the Town Council email address to register for the personal use of social networking sites or any other personal online services.
Mailbox Management:
To ensure that emails can be received and sent efficiently, it is important that some basic email management processes are adopted by Councillors. Members MUST archive old emails and calendar appointments and keep mailboxes within agreed size limits.
Councillors should take action to delete unwanted emails regularly and whenever prompted that the email threshold has been reached.
Councillors MUST NOT:
Grant delegate access to mailboxes to anyone who does not have a legitimate business need to view all content that maybe received to it or contained within it.
knowingly exceed the mailbox limits as this may prevent the future receipt of emails and/or the sending of emails.
EMAIL SAFETY:
Councillors MUST never reveal details of the Town Council’s banking system or personal details relating to other members or employees when using the Town Council email services.