|

Search
This Site All Cabinet Office

Cabinet Office sites

Related Links

• Central Sponsor for Information Assurance (CSIA)
• Government Gateway
• Chief Information Officer Council

Feedback

• Feedback

Top 10 Guidelines for UK local government websites

5. Build trust

Local authorities need to gain and keep the trust of users. Some users need to be reassured about how government uses their personal information. The law means that their privacy has to be protected.

To protect citizens, you must also protect your own site and data: security is an important element of a well-managed website.

Citizen trust

It is important that people have confidence in local government websites, both as citizens and as customers—especially when they are conducting business with you via your site. By providing your website with a consistent look and feel, and through the judicious use of sub-domains, you can build up the confidence of the user. But to deserve that confidence, your website should also have a security policy that is regularly reviewed. People must feel comfortable that only legitimate use will be made of their personal details, and that this information will be held securely.

Service level agreements

These can be built into contracts with suppliers to clarify roles, conditions of fulfillment and standards of delivery. They can include:

• connection guarantees: sites should be available to users at least 99% of the time, and a mechanism for compensation in the case of failure may be agreed
• regular penetration testing to help ensure security
• back-up procedures
• provision of logs or web access statistics
• levels of technical support
• disaster recovery

Use of cookies

Users should be advised when cookies are used on a website. Sessions should be set with appropriate expiry times. The website should still function with cookies switched off.

Hosting and security

If the hosting of a website is outsourced, the contract should make provision for an independent security review of the hosted site. If the website is hosted internally, regular independent security checks should be carried out. Support staff should keep up to date with information about potential viruses and security patches. The vulnerability of web servers to virus or hacker attacks is a key issue when buying a server host solution. The host’s track record for quickly providing updates to security and installing patches should be a major factor in any web server procurement decision.

Copyright

Many central government websites are covered by Crown copyright. Local government websites are not. Any purchase agreements for web designs, writing, illustrations or photographs should specify the rights that you have purchased. These should include rights for all digital media, so that you do not have to make separate agreements to use material on the Web, digital TV, or other channels. Some programmers will wish to retain copyright of original source code, and this can be done so long as you retain the right to continue using the code, even if another supplier takes over the running or redesign of the site. You may also wish to protect your rights to the assembly of information in databases.

Moral and intellectual property rights are other issues to bear in mind. Your own brands may require copyright or even trademark protection. Always take legal advice.

Legal issues

Websites must state their policy on the following issues:

• Disability Discrimination Act
• Data Protection Act
• Freedom of Information Act

Where local authorities collect personal information using an online form, the form must contain (or link to a statement) explaining how the data collected via that form will be used. Under the Data Protection Act it is not enough to simply have a ‘blanket’ statement - you must be specific in each case.

Local authorities’ data protection officers will need to be able to demonstrate that the authority is keeping track of all places where it collects personal information. To make this task easier on the website, we suggest adopting a naming convention for all pages containing interactive forms – for example, placing them in a sub-folder called forms.

The Data Protection Act 1998 also affects the use of photography. Hampshire County Council outlines on its website (http://www.hants.gov.uk/tc/cg/photosintro.html) several issues under the Data Protection Act that local authorities should be aware of in terms of using images of people via photographs, videos and webcams:

• You must get the permission of all the people who will appear in a photograph, video or webcam image before you record the footage. That means children as well as adults. Hampshire County Council provides examples of consent forms that can be used for adults and children on their website (http://www.hants.gov.uk/TC/cg/photosamples.html)
• You must make it clear why you are using that person's image, what you will be using it for, and who might want to look at the pictures.
• If you are taking images at an event attended by large crowds, such as a sports event or the Southampton Balloon Festival, this is regarded as a public area so you do not need to get the permission of everyone in a crowd shot. People in the foreground are also considered to be in a public area. However, we suggest that photographers address those within earshot, stating where the photograph may be published and giving them the opportunity to move away. If you want to use an image of, for example, the winner of a race at a sports event - with the crowd in the background - you must get the race winner's verbal permission and record the fact that you have done so. You can record their consent on a verbal consent form when you take the photograph or when you return to your office. If you intend to use images from an agency, it is the agency's responsibility to get permission from all those appearing in the image before it is recorded. However, it is ultimately your responsibility to ensure that permission was obtained, so you may want to get this in writing from the agency concerned.
• If you intend to use images from an agency, it is the agency's responsibility to get permission from all those appearing in the image before it is recorded. However, it is ultimately your responsibility to ensure that permission was obtained, so you may want to get this in writing from the agency concerned.

Other legal issues to consider include:

• If conducting user tests on children, ensure that police-cleared adults are present.
• You also need to ensure that content—even in discussion groups—obeys the laws on defamation.< /li>

Advertising and sponsorship

Online advertising currently generates very little revenue. If the decision is taken to provide advertising on a local authority website, a great deal of attention should be paid to the contract with the advertising provider.

The authority should consider what type of advertising it considers appropriate to its website, and whether it requires the adverts to be submitted for prior approval before publication.

Sponsorship may yield more resources, while consuming less time in negotiations and content checks. However, the sponsor should not be a supplier of services to the authority, or someone with whom you are currently negotiating. This will avoid any appearance of impropriety.

Relevant resources

The Guidelines for UK government websites: Illustrated handbook for web management teams provides detailed advice on the following subjects at:

Illustrated handbook for web management teams

• Section 1.8 Platform for Internet Content Selection (PICS) How to set a certification rating for the content of your site. This rating is then read by filters on browsers. The page will be displayed only if it meets the user’s own criteria. This allows parents or schools to protect children from particular kinds of content
• Section 1.3 Advertising and sponsorship Guidance on advertising on government websites
• Section 1.10 Legal issues A full review of legal matters including the Disability Discrimination Act, the Data Protection Act, copyright, terms and conditions etc
• Section 1.11 Backgrounder on securing websites A review of security issues
• Section 1.12 Procurement + checklist on choosing an ISP/hosting service Issues to take into account when briefing and contracting design or hosting services, including issues for service level agreements (SLAs)
• Section 4.7 Cookies Background information on cookies, and advice on acceptable use of cookies in government websites

The Performance and Innovation Unit has published Privacy and Data-Sharing: The way forward for public services:

Privacy and Data–Sharing: The way forward for public services/a> [external link]

Salford City Council and Hampshire County Council provide legal pointers for websites (but seek your own legal advice in all cases):

• Copyright

http://www.salford.gov.uk/copyright.shtm [external link]

http://www.hants.gov.uk/copyrite.html [external link]

• Notice attached to list of planning applications

http://www.salford.gov.uk/pubnotices/planlist/default.asp [external link]

• Sample disclaimer form

http://www.salford.gov.uk/disclaimer.shtm [external link]

http://www.hants.gov.uk/disclaimer.html [external link]

• Privacy

http://www.salford.gov.uk/privacy.shtm [external link]

http://www.hants.gov.uk/privacy.html [external link]

The consultation document Security Framework V2.0 gives guidance on security issues for e-government:

The Trust Charter for Electronic Service Delivery focuses in more detail on privacy and data protection issues, to help build user trust in government websites:

www.govtalk.gov.uk/policydocs/policydocs_document.asp?docnum=339 [external link]

Web Quality Briefings 1: Case study of advertising on a government website reviews the issues that faced a central government website when selling advertising space:

Freedom of Information Act 2000:

http://www.hmso.gov.uk/acts/acts2000/20000036.htm [external link]

Data Protection Act 1998

http://www.hmso.gov.uk/acts/acts1998/19980029.htm [external link]

Information Commissioner

http://www.dataprotection.gov.uk/ [external link]