IT & Digital Policy

Adopted by Darwen Town Council: 2nd September 2025
Next review due: September 2026

Purpose

Darwen Town Council has adopted an IT and Acceptable Use Policy to ensure that all Council business is conducted in a secure, professional and legally compliant manner. This policy applies to all councillors, the Council Clerk, and any other persons carrying out work on behalf of the Council.

This policy supports Darwen Town Council’s compliance with Annual Governance Return Assertion 10 (2025/26) — Digital and Data Compliance.

Authority-owned email accounts

All official Council business must be conducted using authority-owned or authority-affiliated email accounts. The use of personal email accounts (such as Gmail, Yahoo Mail, personal Outlook, or any other non-authority email service) for official Council business is not permitted.

This requirement exists because:

Data security — Authority accounts operate within a controlled environment with appropriate security measures, in line with GDPR principles of integrity and confidentiality
Accountability and transparency — Official accounts create a clear, auditable record of Council communications, supporting FOI compliance and Data Subject Access Requests
Professionalism — The use of authority-affiliated accounts presents a consistent and trustworthy identity for the Council

All councillors and staff are periodically reminded that all Council business must be conducted via their authority accounts only.

Data security requirements

All persons acting on behalf of the Council must:

Use secure, password-protected devices for Council business
Not share login credentials with others
Report any data breach or suspected security incident to the Council Clerk immediately
Not store Council data on personal, unsecured devices or cloud services unless appropriately secured
Lock devices when not in use

Acceptable use

Council IT systems and communications must only be used for lawful purposes relevant to Council business. Uses that could bring the Council into disrepute, violate data protection law, or breach any legal requirement are strictly prohibited.

Social media

Councillors and staff must ensure that any social media activity clearly distinguishes between personal views and the official position of the Council. The Council’s official social media accounts must only be updated by authorised persons.

Cybersecurity

Darwen Town Council’s website is maintained by Room Filler, who have confirmed compliance with UK government cybersecurity requirements. The Council takes reasonable and proportionate steps to protect its digital infrastructure, data and communications against unauthorised access, loss or breach.

Training and awareness

The Council Clerk provides regular reminders and guidance on IT and data protection requirements. All councillors are required to confirm their understanding of and compliance with this policy when first elected or co-opted, and at each annual review.

Review

This policy is reviewed annually by Full Council. The current version was adopted on 2nd September 2025 and is due for review in September 2026.

For related policies, please see our Privacy Policy and Freedom of Information & Publication Scheme.