IT Policy (draft)
Brill Parish Council Information Technology (IT) Policy (v1)
Purpose and scope
This policy sets out how Brill Parish Council uses its digital systems and technical hardware to ensure secure and efficient communications and information handling in compliance with legal responsibilities.
This policy applies to councillors, the Clerk, and all employees and contractors (collectively “councillors and staff”).
Email communication
All council business must be conducted using official GOV.UK email addresses. Personal email accounts must not be used.
Councillor and staff email accounts must be secured with strong passwords (preferably managed by a Password Manager) with additional security including Multi-Factor Authentication and/or Biometrics.
Council email accounts are managed by the Clerk using services provided by Parish Online. Users should access email through Zoho Mail (web-based or app). The Clerk is responsible for email support. Note they have access to all email accounts.
Email security
Take particular care handling emails sent from outside the Brill Parish Council system. Do not open suspicious emails or click on links you do not recognise. When replying or forwarding emails, check for inappropriate attachments and earlier messages that may be included inadvertently.
Do not conduct Parish Council business on public or unsecured wifi networks. This includes wifi in Buckinghamshire Council libraries and other facilities. Use password-protected wifi at home or in the Parish Office, or use a virtual private network (VPN).
Report suspicious emails and IT issues immediately to the Clerk. The Parish Council is obliged to report all data breaches to the Information Commissioner’s Office (website opens in new tab) within 72 hours.
All councillors and staff emails should be relevant and respectful and mindful of the reputation of the Parish Council. Think twice before including personal data that can identify individuals. Remember that all emails regardless of email system used can be requisitioned to comply with FOIA requests and legal proceedings.
Information management and data protection
With only rare time-limited exceptions (for example, a project conducted in the field without internet access) all documents should be stored on the Brill Parish Council Dropbox. Please follow the filing system determined by the Clerk to ensure logical storage and efficient access by all councillors and staff.
Councillors and staff are encouraged to use the Calendar, Notes and To Do sections of the Zoho website and app. These facilities can be used for collaborative working (as can Dropbox).
Absolutely no information containing the personal data of residents or others should be stored on personal devices, outside of Zoho Email or the local Dropbox interface.
Do not share sensitive Parish Council information or personal data with Artificial Intelligence (AI) systems. Be aware that all information shared with AI is uploaded to the system’s servers and used for product development. Interactions with AI can be requisitioned to comply with FOIA and other information requests.
Councillors and staff should be familiar with the Parish Council Privacy Notice which concerns the handling of personal data.
Parish Council website and newsletter
Agenda, minutes and financial information and other official documents should be published on the website within 5 working days of preparation. Every effort should be made to keep all areas of the website current, uncluttered and relevant.
The website should be accessible and engaging to all users. It must comply as far as possible with level AA of the Web Content Accessibility Guidelines 2.2 (WCAG website opens in new tab). Areas of non-compliance should be noted in the Website Accessibility Statement and a schedule followed to address these issues when resources permit.
The website is managed by a Parish Council contractor. This person must adhere to this and all other relevant policies. The Clerk also has full administrator and editorial rights over the website.
The website and monthly e-newsletter are prepared and published within the Squarespace Content Management System run on a secure laptop and protected by password and multi-factor authentication (MFA).
Newsletter subscriber lists and information gathered through website forms are stored within Squarespace. Personal data and other information do not leave the secure system unless it is shared for a legitimate and specific reason with councillors and staff through secure email. The MUGA booking system likewise operates entirely within Squarespace, using Acuity Scheduling.
Social media
The website designer/editor also maintains the Brill Parish Council Facebook Page and occasionally posts messages signposting readers to Parish Council events. There posts are usually ‘shared’ with the two Brill Village Facebook Groups to increase dissemination. The Clerk and a councillor also have administration access to the Facebook Page.
The Parish Council’s primary digital platform is the website. Residents are discouraged from using Facebook for serious communications with the Parish Council.
The Parish Council does not use Instagram (as of late 2025) or any other social media.
All Parish Council announcements and official information should be published on the website, with a signposting message on the Brill Parish Council Facebook Page if appropriate. Posts will be prepared by the website designer/editor (writing ‘as’ Brill Parish Council) in consultation with Clerk and councillors. In an emergency, the Clerk or Chair may use their personal Facebook profiles to post on the Parish Council Page.
Some councillors and staff use Facebook and other social media in a personal capacity. When they do so, they should remember that Brill is a small community and residents know the identities of their councillors. They should therefore take great care to (a) protect the reputation of the Parish Council and fellow councillors, and (b) distinguish between personal opinions and those of the Parish Council.
Please see the Communications Policy for guidance on who is authorised to speak on behalf of the Parish Council.
Technical devices
The Clerk and the Wildlife & Community Ranger use council-supplied laptops. Councillors and other employees and contractors use their own devices. All members of the Parish Council team use their own mobile phones.
Regardless of ownership, all devices used for Parish Council business should be stored security and protected with passwords and/or biometrics. Operating systems and software including anti-viral software, should be kept up-to-date to optimise security.
Training
All councillors and staff should engage with training in IT security and data protection. The Clerk will recommend training programmes as the need arises. As a minimum all personel should complete the following training every calendar year:
This policy
Prepared by Hannah Hulme Hunter March 2026
Adopted by Brill Parish Council at their monthly meeting March 2026
Due to the fast-moving nature of developments in information technology, this policy will be reviewed annually to ensure its continued relevance and effectiveness.
