Data Protection Policies

1. Introduction

1.1 Bracebridge Heath Parish Council recognises the importance of effective and secure information technology (IT) and email usage in supporting its business, operations, and communications.

This policy outlines the guidelines and responsibilities for the appropriate use of IT resources and email by council members, employees, volunteers, and contractors.

1.2 The aims of this policy are to:

• facilitate the ongoing development of the efficient management and delivery of the Council’s services.
• provide opportunities for staff to acquire and develop core ICT competencies.
• ensure that the Council’s ICT systems are reviewed regularly and adjusted to meet new or changing need.

2. Scope

2.1 This policy applies to all individuals who use Bracebridge Heath Parish Council’s IT resources, including computers, networks, software, devices, data, and email accounts. This includes but is not limited to:

• employees
• elected members (councillors)
• members of the public
• other people, companies, contractors and organisations in contact with Bracebridge Heath Parish Council.

3. Acceptable use of IT resources and email

3.1 Bracebridge Heath Parish Council’s IT resources and email accounts are to be used for official council-related activities and tasks. Limited personal use is permitted, provided it does not interfere with work responsibilities or violate any part of this policy. All users must adhere to ethical standards, respect copyright and intellectual property rights, and avoid accessing inappropriate or offensive content.

4. Device and software usage

4.1 Where possible, authorised devices, software, and applications will be provided by Bracebridge Heath Parish Council for work-related tasks.

4.2 Unauthorised installation of software on authorised devices, including personal software, is strictly prohibited due to security concerns.

5. Data management and security

5.1 All sensitive and confidential data held by or belonging to the parish council should be stored and transmitted securely using approved methods. Regular data backups should be performed to prevent data loss, and secure data destruction methods should be used when necessary. The council currently uses Microsoft Office Sharepoint for data storage.

5.2 All users are responsible for maintaining the security of their accounts and passwords. Passwords should be strong and not shared with others. Regular password changes are encouraged to enhance security.

5.3 In line with the council’s Data Protection policy, all suspected security breaches or incidents should be reported immediately to the clerk to council for investigation and resolution

5.4 All members, employees or volunteers must report any incidents which could pose a risk to the council’s systems or data security to the Town Clerk without delay. This includes but is not limited to:

• Lost devices
• Potential risk arising from phishing emails/websites
• Passwords having been shared
• Unauthorised access to systems

6. Network and internet usage

6.1 Bracebridge Heath Parish Council’s network and internet connections should be used responsibly and efficiently for official purposes. Downloading and sharing copyrighted material without proper authorisation is prohibited.

7. Email communications

7.1 Bracebridge Heath Parish Council provides a separate email account for all employees and members of council using the bracebridgeheath-pc.gov.uk domain. The email accounts are hosted through Microsoft. The clerk (or other designated person) will set up a new email accounts as required.

7.2 Councillors and employees are not permitted to use any other private or personal email account for council business.

7.3 A Council email account may not be used for personal purposes. Any email account used for council business should be accessed only by the member to whom it belongs.

7.4 When councillors or employees, cease to be part of the Parish Council, their email account will be closed down and all emails (sent or received) will be archived or deleted in accordance with Council’s Document Retention Policy. 

7.5 All users should regularly review and delete unnecessary emails to maintain an organised inbox. Emails should be retained and archived in accordance with legal and regulatory requirements.

7.6 The following disclaimer should be appended to all outgoing emails:

This email, content and any files transmitted with it are confidential and intended solely for the use of Bracebridge Heath Parish Council and the individual or entity to whom they are addressed. If you have received this email in error please forward it to the sender and delete it from your system. Thank you

8. Inappropriate use

8.1 Users must not use email to abuse or inflame others or to harass or threaten anyone. Responding to abuse, harassment or threatening will not be accepted as an excuse for inappropriate language and/or behaviour. Users must not send emails containing obscene, abusive or profane language.

8.2 Recipients of abusive or threatening emails related to the business of the Council must immediately inform the clerk or chairman.

8.3 Users must not send, access, display, download, copy or circulate information to containing stories, jokes or anecdotes that contain:

• pornography or sexually orientated images
• gambling
• gaming (playing computer games)
• promotion of unlawful discrimination of any kind
• promotion of racial or religious hatred
• threats including the promotion of violence
• fraudulent or illegal material promotion of illegal and/or unlawful acts
• information considered to be offensive, inappropriate or disrespectful to others
• unauthorised and copyrighted material including music.

8.4 Bracebridge Heath Parish Council will report to the police all known incidents in which users intentionally send or receive emails containing the following:

• Images of child pornography or child abuse (i.e. images where children are or appear to be under the age of 16 and are involved in sexual activities or posed to be sexually provocative)
• Adult material/pornography that breaches the Obscene Publications Acts (1959 & 1964)
• Criminally racist material

8.5 Users must not send, receive or disseminate proprietary data or any confidential information belonging to Bracebridge Heath Parish Council to or from a third party unless authorised.

9. Email monitoring

9.1 Bracebridge Heath Parish Council reserves the right to monitor email communications to ensure compliance with this policy and relevant laws. Monitoring will be conducted in accordance with the Data Protection Act and GDPR.

9.2 On the receipt of a Freedom of Information request or Subject Access Request it may be necessary for a member of staff to be given access to employee or councillor email accounts allocated by the Council. You will be informed if this is necessary to allow the Council to fulfil the request.

10. Mobile devices and remote work

10.1 Mobile devices provided by the council should be secured with passcodes and/or biometric authentication. When working remotely, users should follow the same security practices as if they were in the office.

11. Training and awareness

11.1 The council will provide regular training and resources to educate users about IT security best practices, privacy concerns, and technology updates. All employees and councillors will receive regular training on email security and best practices.

12. Compliance and consequences

12.1 Breach of this IT Policy may result in the suspension of IT privileges and further consequences as deemed appropriate.

13. Contacts

13.1 For IT-related enquiries or assistance, users can contact the clerk – clerk@bracebridgeheath-pc.gov.uk / 07899 888530.

13.2 All staff and councillors are responsible for the safety and security of the council’s IT and email systems. By adhering to this IT Policy, Bracebridge Heath Parish Council aims to create a secure and efficient IT environment that supports its business activities.

14. Responsibilities & review

14.1 The clerk, on behalf of the Council, is responsible for the administration of this policy and will report breaches to the Full Council for advice about further action.

14.2 The Full Council is responsible for reviewing this policy. This policy will be reviewed every three years or in response to changes in the law.

15. Related legislation, policies and guidance

15.1 This policy is not a substitute for legislation, regulations and codes of practice but defines how the Council will apply the relevant legislation. Related legislation, policies and guidance are listed below:

• General Data Protection Regulations (GDPR) 2018
• Freedom of Information Act 2000

Bracebridge Heath Parish Council internal documents:

• Data protection policy
• Subject Access Request procedure
• Privacy notices
• Document Retention policy

16. Version control and amendment history