Limited support for Carmarthenshire
We do not currently provide detailed weekly summaries for Carmarthenshire Council. Running the service is expensive, and we need to cover our costs.
You can still subscribe!
If you're a professional subscriber and need support for this council, get in touch with us at community@opencouncil.network and we can enable it for you.
If you're a resident, subscribe below and we'll start sending you updates when they're available. We're enabling councils rapidly across the UK in order of demand, so the more people who subscribe to your council, the sooner we'll be able to support it.
If you represent this council and would like to have it supported, please contact us at community@opencouncil.network.
Cabinet Member for Organisation & Workforce - Friday, 5th September, 2025 10.00 am
September 5, 2025 View on council websiteSummary
The Cabinet Member for Organisation & Workforce met on 5 September 2025, and approved the revised and renamed Electronic Usage and Monitoring Policy. The policy was updated to enhance cybersecurity and align with current regulations and the council's updated data access protocol.
Electronic Usage and Monitoring Policy
The Cabinet Member for Organisation & Workforce, Cyng Philip Hughes approved the revisions to the council's email usage policy, renaming it the Electronic Usage and Monitoring Policy.
The updated policy expands its scope to include all electronic communication and collaboration tools used by Carmarthenshire County Council, such as email, Microsoft Teams, and SharePoint. It aims to protect sensitive information, ensure compliance with legal and ethical standards, and facilitate effective and secure communication.
The policy applies to all devices accessing the council's electronic communication tools, including laptops, smartphones, and personal devices, and governs usage by employees, elected members, casual workers, volunteers, external consultants, and contractors.
Key principles of the policy include:
- Secure communication methods for sensitive, confidential, or personal data.
- Exclusive professional use of council-provided platforms, prohibiting personal correspondence.
- Archiving and filtering of business-related correspondence in compliance with data retention policies.
- Alignment of mailbox access delegation and shared mailbox usage with the principle of least privilege1.
The policy also addresses phishing awareness and prevention, mandating cybersecurity training to help users recognise and prevent phishing attempts. It details data retention periods for various platforms, such as retaining Teams channel messages for up to 365 days and Teams chat messages for up to 7 days.
The policy outlines the responsibilities of Digital Services in maintaining compliance procedures and updating the policy, and mandates that all users adhere to relevant legislation, including UK GDPR, the Data Protection Act 2018, and the Freedom of Information Act 2000. Breaches of the policy may result in disciplinary action or referral to the Standards Committee for elected members.
The report noted that revisions to the policy had been discussed with legal services, who were supportive of the changes, and with People's Services, who made recommendations that were adopted into the revision. The new policy will be communicated to all staff and members via staff news and other marketing tools.
The alternative to approving the revisions was to continue without an updated policy to govern the use of electronic communications.
-
The principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose. ↩
Attendees
Topics
No topics have been identified for this meeting yet.