GDPR has been in effect for some time now, yet because it is such a complex subject, we still see some grey areas and potential ways in which Parish Councils can unwittingly fall short of compliance.
Perhaps the most blurred area of GDPR surrounds the use of councillors' own devices when sending or receiving emails.
Some larger town councils have issued their members with dedicated devices that are intended purely for council business. Many councils, in particular the smaller authorities, simply don't have the budget to do this. It's these councils that are perhaps most at risk of falling short of compliance.
Imagine that a councillor who has a dedicated council email address leaves the council, whether because they retire, have a disagreement, violate policy or even die. If that councillor has configured their device, be it a mobile device or a desktop computer, to send and receive email from a dedicated email address on the same domain as the council on which they served, then chances are those emails remain stored on the personal device even after their departure from office.
From a security viewpoint, this device now contains public data that could potentially be accessed by anyone with access to the device. This leaves a hole in GDPR security and a headache for any data controller.
We're recommending to all our Parish Council and Town Council clients that they request that all their members remove any council email addresses from their personal devices. Moving forward, council members can access their email via webmail from any browser. They simply navigate to their Parish Council website and add /webmail to the end of the URL in the address bar. They can easily bookmark this page to enable speedier access. For example, anytownpc.org/webmail would take the council member to their online email account. Their existing username and password would enable them to log in.
The advantages of using webmail are many. The council removes the danger of a security breach on a member's own device, as the emails viewed on webmail are not downloaded to the device used to access them.
In addition, members will no longer see the access issues that are common when trying to access email from a device using an email client. One wrong setting, such as a wrong port number, can see a device locked out of accessing the server for hours. We've seen this with many councillors who have set up their phone correctly but have set up their tablet incorrectly. Their IP addresses are then banned from our servers for a predetermined amount of time, which renders them unable to access email and the website. Using webmail removes this issue completely.