The importance of secure email systems and GOV.UK domains for local councils
AUTHOR: DARREN BRIDDOCK, DATA PROTECTION LEAD AT BREAKTHROUGH COMMUNICATIONS
Almost all local (parish and town) councils now have an official website, as well as official email accounts. An increasing number of councils also provide official email accounts for their councillors as well as for their clerk and other officers. When choosing a domain name for the council's website and emails, many local council websites are appropriately making use of the exclusive GOV.UK domain (for example, ourparishcouncil.gov.uk), with email addresses being linked to that domain as well.
There are a number of important reasons why local councils of all sizes should ideally obtain an appropriate GOV.UK domain name for their council, and equally importantly, a secure and centrally-managed email system to sit behind it.
First and foremost, obtaining a GOV.UK domain for your council website and email accounts demonstrates the council's official local government status. Members of the public are increasingly cyber security-aware, so a GOV.UK domain can also help to build trust, credibility and visibly demonstrates authenticity. Many people will now reasonably expect a local council to have a GOV.UK domain name.
Your county association may also be able to offer advice and support in this area and you should seek advice from them in the first instance. Some county associations even have local deals with other tier authorities, offering GOV.UK email accounts with existing domains for example.
As well as building credibility for your website, a GOV.UK should also ideally then be used to support your council's official email accounts as well, for both officers and councillors. Getting a GOV.UK domain name is important in this regard - but it's not the only piece of the puzzle. It's also important to have a secure, centrally managed email system. There are many popular systems on the market, including Office 365 (which offers discounts for parish and town councils) and Google GSuite, amongst others. Regardless of which system you choose, there are a number of key benefits to using a commercial email system, rather than just a free email account.
Almost all commercial email systems provide a centralised dashboard that gives the council the ability to add, edit and remove users as appropriate. You can also immediately suspend user access in an emergency and, perhaps most importantly, they offer centralised searching of all data contained within the system for effective compliance with Data Subject Access Requests and Freedom of Information Requests.
As there is one central system sending email for all the registered accounts at the domain, regardless of what computer or Internet connection is being used to access it, emails are less likely to be identified as spam and therefore more likely to be delivered. A business-grade email system with its own spam filters built-in is more likely to be able to learn the kinds of email received and will reduce the risk of incoming emails being marked as spam or rejected entirely.
There exists a myth that having a GOV.UK domain together with a secure email system that sits alongside your website is expensive. The reality is somewhat different, with an increasing number of publicly available discounts and inexpensive options available in the market, as well as existing deals in place with a number of county associations. It's also important to remember that the investment required to set up and manage such systems is usually significantly less expensive than dealing with the potential problems that can sometimes arise with free systems that don't enable you to fully comply with your council's GDPR, FOI or cyber security obligations, or one that can't be managed efficiently as councillors and officers move in and out of the organisation.