Category Archives: Information

Parish Council email accounts and GDPR

We often get asked the question: should the clerk or Councillors be using their personal email accounts for council business?

While this wasn’t a problem in the past, the new GDPR regulations mean that it isn’t advisable. There are 2 main reasons for this – under GDPR, people have:

  • The right to access all information that you hold about them
  • The right to be forgotten (i.e. have all information you hold about them erased)

Fulfilling both of these obligations can be difficult when the clerk or Councillors may have information buried within their personal communications. Also, if the clerk or a Councillor has left the council it will be difficult and time-consuming to retrieve or delete all the information shared as part of council business.

There are 2 ways of solving this problem:

  • Set up dedicated accounts for your Councillors, using your Council’s domain name. We recommend using Webmail to access the emails, as that way no messages are downloaded to the Councillor’s PC or phone. There are 2 advantages to this approach: firstly, your Councillors will have an official email address such as cllr.john.smith@yourcouncilname.org.uk; secondly, you will have complete control over deleting all their messages after they leave the Council.
  • Get your Councillors to set up dedicated council email accounts using a free online email service such as Gmail. When a Councillor leaves the council, they can simply delete the account and all the content. This isn’t ideal as you will need to rely on them to delete the account and all the messages after they leave.

There are 4 main advantages to using emails that are set up to use your domain name (for example clerk@parishcouncilname.org.uk):

  • It is more official and more professional. Anyone can set up an account such as clerk.parishcouncilname@gmail.com whether they have a link to the council or not.
  • It offers more privacy – Google are able to offer free email accounts by selling users’ metadata to advertisers.
  • It enables the Council to have full control over removing email accounts when a Councillor leaves the Council – in the case of Gmail you are relying on the Councillor to delete the account themselves. This can be an issue with GDPR if a parishioner requests the disclosure of all information regarding them and the Council is not able to provide it because it is controlled by an ex-Councillor.
  • In addition (another GDPR issue) – all the data from email accounts we offer is held in the UK.

Our costs cover the fees we pay for the server space, the time spent responding to support requests, and adding and removing email accounts as Councillors change.

Choosing the best website provider for a town, parish or community council

When choosing a parish council web provider it is very important that your new site is safe, secure and compliant.

Town and parish council website legal requirements

There are a host of regulations out there that local council websites must comply with.

The main ones are that your site is:

  • WCAG 2.1 AA compliant

  • GDPR compliant

  • Transparency code compliant

    • This means that you publish all the necessary information to provide transparency to your parishioners and website visitors. This includes publishing minutes, agendas, financial information and Councillors’ details in a timely manner. You can read about what you need to do to make your website transparency code compliant here: Transparency Code for Parish Council Websites

Town and Parish council website hosting

When choosing a host for your website there are a number of factors to take into consideration:

  • Security – where to begin on this huge subject… Well it’s imperative nowadays for sites to have an SSL certificate which means that the connection between the visitor and the server is encrypted. You should also make sure you use strong passwords.
  • Backups – it’s imperative to maintain backups of your site content. We’ve heard from so many people whose sites have been hacked and who have lost everything because it wasn’t backed up.
  • Speed – it’s important for your users that your web pages and files load quickly, especially for those living in rural areas with slow internet connections.
  • UK-based hosting – while not imperative, this is desirable. It means that when your visitors click on your site the signal doesn’t need to be bounced to America and back (for example), which helps with site speed. It’s also desirable for GDPR, ensuring that your information is hosted in the UK.

Easy to use websites with help and support

You want a website that is easy to maintain and update.

It’s best if you are able to do this yourself, as this means that you don’t experience delays in getting someone to make changes to your site and can make alterations as and when you need to.

You can’t beat having a friendly voice on the end of the phone or email who will answer any questions you have – so much quicker and easier than poring through help documents or watching endless YouTube videos.

Email safety tips

Many people fall victim to traps sent by criminals in emails. More recently, these criminals have used the pandemic as a cover story to con large amounts of money or personal data from unsuspecting victims by phishing. Here are some simple things to be aware of:

Definition: Phishing. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

  • Your bank will not discuss your private financial situation by email. If you receive any correspondence that claims to come from your bank, telephone your branch to verify it and discuss the matter over the telephone instead.
  • Don’t open attachments or click on links from anyone you do not know. If you do click on them, this could result in malware being downloaded to your device.
  • Look for spelling and grammatical errors. These messages often come from abroad.
  • Look at the email address of the sender. If it doesn’t look like it’s from the company they represent, don’t respond.

Finally, when you see a suspicious email, delete it. Put it in the bin where it belongs!
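The tip about looking at the sender’s address can also be applied automatically. The following is an added example, not code from this site: it compares the address in an email’s From line with the domain the organisation really uses. The domain townbank.example and the sample senders are constructed for illustration.

```javascript
// Added example. The trusted domain and sample From lines are constructed.
// A mail filter would also use SPF, DKIM and DMARC results, not this alone.

// Pull the domain out of a From line such as "Town Bank <alerts@townbank.example>".
function senderDomain(fromHeader) {
  const m = /<([^<>]*)>\s*$/.exec(fromHeader);
  const addr = (m ? m[1] : fromHeader).trim().toLowerCase();
  const at = addr.lastIndexOf("@");
  if (at < 1 || at === addr.length - 1 || /\s/.test(addr)) return null;
  return addr.slice(at + 1);
}

// Levenshtein distance: number of single-character edits between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

// Classify a sender against the domain the organisation actually uses.
function checkSender(fromHeader, trusted) {
  const domain = senderDomain(fromHeader);
  if (domain === null) return "unparseable";
  // Exact domain or a genuine subdomain of it.
  if (domain === trusted || domain.endsWith("." + trusted)) return "match";
  // The trusted name appears inside a domain owned by someone else.
  if (domain.includes(trusted)) return "embedded";
  // Undo common digit-for-letter swaps, then allow a single typo.
  const plain = domain.replace(/0/g, "o").replace(/1/g, "l").replace(/5/g, "s");
  if (plain === trusted || editDistance(plain, trusted) <= 1) return "lookalike";
  return "mismatch";
}
```

Only a result of "match" means the address belongs to the expected organisation; the name shown before the address is ignored because the sender can set it to anything.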

How to clear your cache

Sometimes your site just doesn’t display as you would expect it to. It could be that it’s not showing the latest updates you have made or it could be giving you odd redirects. A good idea is to clear out your cache and see if that fixes the problem.

Everybody’s browser stores a copy of any sites visited so that it can load them more quickly if they revisit the same site. Exactly how this is set up depends on the browser and the settings on the user’s computer.

How you clear your cache depends on which browser you are using. For information about how to clear the cache in your browser, click on one of the links below:

Help! I can’t see my website updates

How to reload or refresh your page if you can’t see your updates

Sometimes you may find that you have made changes to your web page and you have a look at the page on the live site and can’t see the changes you have made. The reason you aren’t seeing the latest version of the website is most likely because you are viewing a ‘cached’ version.

Everybody’s browser stores a copy of any sites visited so that it can load them more quickly if they revisit the same site. This is called the cache. Exactly how this is set up depends on the browser and the settings on the user’s computer.

The way to make sure you are seeing the latest version of the web page is to reload or ‘refresh’ the page.

You can reload the page by pressing CTRL + F5 at the same time (or Cmd + R on a Mac) on your keyboard. Alternatively, you can click the icon that looks like an arrow going round in a circle, which is usually on the top bar of your browser. We’ve outlined the button in red on the screenshots below.

Reload your web page in Google Chrome

[Screenshot: reload button in Google Chrome]

Refresh your web page in Firefox

[Screenshot: reload button in Firefox]

Reload web page in Internet Explorer

[Screenshot: reload button in Internet Explorer]

Another way to check if the changes you have made have been applied is to have a look at your site using a different browser, or a different device, for example your phone. If you can see the changes then they have been applied and it is because your most commonly used browser is showing you a previously stored version.

Very occasionally, you may need to clear the cache on your browser to see your changes. How you do this depends on which browser you are using. You can read about how to do that here: https://wiredimpact.com/blog/clear-cache-see-website-updates/

6 ways to make your council website more secure

We can’t emphasise enough how important it is to keep your town, parish or community council website safe and secure from hackers. According to Securityweek.com, approximately 18 million websites (that’s 1% of the nearly 2 billion websites online right now) are infected with malware, and the average website is attacked 44 times each day.

1. Use an SSL certificate for your website

An SSL certificate is used to provide a secure connection between the server and the visitor to your website. These are now pretty much mandatory, with Google marking any website that doesn’t have one as ‘unsafe’.

How can you tell if your town, parish or community council website has an SSL certificate?

When you are visiting your site, look at the address bar at the top of the browser. Does the address begin https:// and display a padlock icon just before the address? If it does then you have an SSL certificate installed and working. If your address just begins http:// (without the ‘S’) then you need to get one installed. Just contact your website provider and ask them to install one for you.

2. Use a strong password to log into your website

Make sure that the password you use contains upper and lower case letters, numbers and special characters. It is a good idea to use a different password for each site you use, so that if there is a data breach on one site, the hackers don’t gain access to the other sites you use. This is especially important on any sites where you buy things, such as Amazon or eBay, but also for your website, because websites are a target for hackers wanting to install malware.

3. Make sure you back up your website

This is imperative as if your site gets hacked you will need a backup copy to restore all your files and information. We have had lots of parish councils who have requested a new website and told us that their existing site got hacked and they lost everything. Just like any computer system – make sure you have backups and that they are stored off-site.

A good hosting company will keep regular backups of your site. It’s worth checking with your provider to see if they do this.

4. Keep your software up to date

Providers of Content Management System (CMS) software such as WordPress or Joomla, and the makers of the software that adds functionality to your town or parish council website, constantly provide updated software with added security enhancements, in much the same way as your computer updates its operating system (usually Windows for those on a PC) from time to time.

You should always make sure your website is running the latest versions of all software, which will include patches for any vulnerabilities that have been discovered. You should also delete old unused software, as this can still act as a backdoor for hackers, even if it is not in use.

5. Don’t use the default usernames and log in page

When your site is first installed, the installation program usually sets up a default user to be the main site administrator. So for example WordPress uses ‘admin’ as the default name and https://[yoursite]/wp-admin or https://[yoursite]/login to get to the login page. If you use these defaults, hackers already have 2 of the 3 pieces of information needed to log in and hack your site – the third being your password.

If you change these settings from the default, hackers would need to guess 3 pieces of information to hack your site – the username, the password and the login page.

If your site is set up in this way, you can ask your website host to make it more secure.

6. Use a firewall and anti-malware software

Just like on your computer, it is vital that you have security software installed to protect your site. There are lots of security systems available depending on what platform your site is running on. You can ask your website host about the options available.

To get a quote for our hosting service – which includes all the features listed above, you can visit: Get a Quote

Email accounts explained

With the advent of GDPR, town, community and parish Councillors and the clerk should no longer use personal email accounts for council business.

There are two main types of accounts: free web-based email accounts such as Hotmail or Gmail, and hosted email accounts where the email address uses your domain name, e.g. clerk@yourdomain.org.uk.

With hosted accounts there are 2 types: POP and IMAP. The main difference between these is that with IMAP, messages are stored on the server and are accessible from anywhere, while with POP accounts messages are downloaded to the user’s computer.

Hosted Accounts

IMAP accounts

Pros

  • Messages are stored on the server
  • You can access your email from any computer or device that is connected to the internet
  • You don’t need to be connected to the internet to view received messages or compose new messages, but you need to be connected to send or receive messages
  • You can use either an internet browser or an email program such as Microsoft Outlook or Thunderbird to access your emails
  • The council has control over all email accounts and can request the removal of an account and deletion of messages if a Councillor or clerk leaves the council
  • Your email address uses your website domain name – giving a more professional appearance

Cons

  • You will need to pay to have the accounts set up and maintained
  • Most companies will charge extra for storage space for the email messages

POP accounts

Pros

  • Messages are downloaded to your computer
  • You need a program such as Microsoft Outlook or Thunderbird to access your emails
  • You don’t need to be connected to the internet to view received messages or compose new messages, but you need to be connected to send or receive
  • The council can request that an account be removed if a Councillor or clerk leaves the council, and that account will no longer work, although messages already downloaded will remain on the user’s computer (see Cons below)
  • Your email address uses your website domain name – giving a more professional appearance

Cons

  • You will need to pay to have the accounts set up and maintained
  • You can only access the messages on the computer that the messages have been downloaded to
  • If you request that an account be removed, messages that have already been downloaded will remain on the user’s computer unless they delete them

Free web-based accounts

Pros

  • You can access your emails from anywhere connected to the internet
  • It’s a free service

Cons

Making your website GDPR cookie compliant

What is a cookie

A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions. Cookies are used by virtually all modern websites.

Cookie consent

Users must be given the option to consent or refuse to accept cookies. Cookies must be deactivated until that consent is given. The exception is for cookies considered Strictly Necessary, such as cookies that are set when a user logs into a site and that are required to ‘remember’ this fact.

The only way to fully comply with the new GDPR restrictions on cookies is to set up a ‘granular’ cookie consent bar. This enables users to refuse certain types of cookie – for example analytics cookies or marketing cookies.
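The rules above (optional cookies off until consent is given, strictly necessary cookies always allowed, and a separate choice for each type) can be expressed as a small decision function. This is an added example, not this site’s consent package; the category names, cookie names and stored-consent format are constructed for illustration.

```javascript
// Added example. Category names, cookie names and the JSON consent format
// are constructed for illustration.
const OPTIONAL = ["preferences", "analytics", "marketing"];

// Every cookie the site sets is declared with its category and purpose
// (the same list a cookie policy page has to publish).
const REGISTRY = new Map([
  ["session_id", { category: "necessary", purpose: "keeps an editor logged in" }],
  ["text_size", { category: "preferences", purpose: "remembers display settings" }],
  ["visit_stats", { category: "analytics", purpose: "counts page views" }],
  ["ad_ref", { category: "marketing", purpose: "tracks advert referrals" }],
]);

// Read the visitor's stored choice. Missing, malformed or unexpected values
// all fall back to "refused", so optional cookies stay off by default.
function parseConsent(raw) {
  const consent = { necessary: true, preferences: false, analytics: false, marketing: false };
  let stored = null;
  try { stored = JSON.parse(raw); } catch (e) { return consent; }
  if (stored === null || typeof stored !== "object") return consent;
  for (const cat of OPTIONAL) {
    if (stored[cat] === true) consent[cat] = true; // only a literal true counts
  }
  return consent;
}

// A cookie may be set only if it is declared and its category is consented.
function maySet(name, consent) {
  const entry = REGISTRY.get(name);
  return entry !== undefined && consent[entry.category] === true;
}

// Build the Set-Cookie value, or return null when the cookie must not be set.
function cookieHeader(name, value, consent) {
  if (!maySet(name, consent)) return null;
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; SameSite=Lax`;
}

// When a visitor changes their choice, list the cookies that must now be
// expired because their category was withdrawn.
function cookiesToExpire(before, after) {
  const expired = [];
  for (const [name, entry] of REGISTRY) {
    if (before[entry.category] === true && after[entry.category] !== true) expired.push(name);
  }
  return expired;
}
```

Because undeclared cookies are refused, any new cookie has to be added to the registry with a category and purpose before the site can set it.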

Your cookie policy needs to be up to date.

GDPR demands that a specific document is provided, detailing which cookies are set by your site, and what they do.

Our GDPR-compliant cookie consent package includes three key components:

  • GDPR compliant cookie consent function to allow the visitor to choose which types of cookies are set, in compliance with GDPR regulations.
  • Custom Privacy Policy page including content compliant with GDPR legislation.
  • SSL certificate installed and configured for your site.

Read about our GDPR-compliant packages here

GDPR – creating a compliant Privacy Policy page

We’ve included some of the basics to help you get started. In general, most privacy policy laws require you to inform users of:

  • Your name (or business name), location, and contact information;
  • What information you’re collecting from them (including names, email addresses, IP addresses, and any other information);
  • How you’re collecting their information, and what you’re going to use it for;
  • How you’re keeping their information safe;
  • Whether or not it’s optional for them to share that information, how they can opt-out and the consequences of doing so;
  • Any third-party services you’re using to collect, process, or store that information (such as an email newsletter service, or advertising network).
  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

Read about our GDPR-compliant packages here

You can read more on the ICO website:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

GDPR – is your website compliant?

You’ve probably seen and heard lots about the new GDPR legislation which came in a few weeks ago, but might not know exactly what it means you have to do to ensure your website is compliant after 25th May.

1) You need an up-to-date Privacy Policy.

You need to publish your privacy policy. This document must contain information about how your council processes any personally identifiable information, how long it is retained for and why you need to process it.

All our websites come with a page ready for you to add your policy to, linked into the site footer so users can easily find it.

Read more about privacy policies here.

2) Cookies

You might think your site doesn’t set cookies. However, cookies are an essential part of the functioning of all modern websites. For example, any site that you log into to make changes sets cookies to enable you to do this. So virtually all websites set cookies, including yours.

GDPR places new restrictions on cookies, as detailed here: https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

To clarify this, you are obliged to:

  • tell people the cookies are there
  • explain what the cookies are doing and why; and
  • get the person’s consent to store a cookie on their device
    • consent must be freely given, specific and informed
    • users should be able to disable cookies, and you should make this easy to do

There is an exception if the cookie is ‘strictly necessary’.

Read more about making your website GDPR cookie-compliant here.

I realise this is a lot to take on. GDPR has resulted in a massive bureaucratic burden. We are here to take control of GDPR compliance for you and reduce any worries you may have.

Read about our GDPR-compliant packages here