The URL can be used to link to this page

Home My WebLink AboutFSD-001-26Staff Report If this information is required in an alternate accessible format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131. Report To: General Government Committee Date of Meeting: January 12, 2026 Report Number: FSD-001-26 Authored By: David Cachia, Chief Information Officer Submitted By: Trevor Pinn, Deputy CAO/Treasurer, Finance and Technology Reviewed By: Mary-Anne Dempster, CAO By-law Number: Resolution Number: File Number: Report Subject: Use of Technology Recommendations: 1.That Report FSD-001-26, and any related delegations or communication items, be received; 2.That the Council Use of Technology Policy as Attachment 1, be approved effective November 15, 2026; and 3.That all interested parties listed in Report FSD-001-26, be advised of Council’s decision. GG-011-26 Municipality of Clarington Page 2 Report FSD-001-26 Report Overview 1. Background 1.1 The Municipality of Clarington recognizes that technology is essential for modern governance and service delivery. Risks associated with inappropriate or unauthorized use of technology must be managed to protect the Municipality, ensure transparency, and maintain accountability. 1.2 Given the increased use of technology in the day-to-day operations of Council, the draft Council Use of Technology Policy was created to provide guidance and standards in a modern governmental environment. 1.3 The Policy applies to all elected off icials and their delegates who use municipal technology, including desktops, laptops, mobile devices, software, email, telephones, and related equipment. 2. Policy Requirements 2.1 Key Policy Requirements Include: 2.1.1. Use of municipal devices strictly for municipal p urposes. 2.1.2. Responsibility for care and security of assigned devices. 2.1.3. Immediate reporting of lost or stolen devices. 2.1.4. Compliance with security protocols, including passwords and Multi-Factor Authentication (MFA). 2.1.5. Prohibition of personal or financial gain, harassment, or unauthorized sharing of municipal information. 2.1.6. Mandatory annual review and signing of the policy, and completion of cybersecurity training. Municipality of Clarington Page 3 Report FSD-001-26 2.2 While Council already is currently provided with municipal assets such as a laptop and phone, the Policy codifies the requirement that each member of Council is expected to utilize these assets for corporate business. 2.3 Corporate technology assets provide for increased security, compatibility with corporate meeting software, and improved records management. As Staff do not support personal devices, utilizing corporate devices allows access to technical support for Members of Council. 2.4 In the past five years, cyber security has become a key risk and consideration for the IT operations of the Municipality. Requiring multi-factor authentication, strong passwords, and other best practices will mitigate evolving cyber risks. 2.5 To ensure transparency, secure municipal records, and meet ongoing legislative requirements, the Policy requires members of Council to conduct municipal business through their Clarington established emails. This ensures the Municipality can meet its obligations under the record and privacy legislation. 3. Financial Considerations Not Applicable. 4. Strategic Plan The Council Use of Technology Policy directly supports the Clarington Strategic Plan by: 1. Enhancing accountability and transparency in municipal operations. 2. Promoting a culture of cybersecurity awareness. 3. Ensuring technology is used to optimize service delivery and protect municipal assets. 5. Climate Change Not Applicable. 6. Concurrence Not Applicable. Municipality of Clarington Page 4 Report FSD-001-26 7. Conclusion It is respectfully recommended that Council approve the Council Use of Technology Policy effective November 15, 2026, to ensure responsible, secure, and effective use of technology by Members of Council. This policy will help safeguard municipal assets, support transparency, and maintain public trust. Staff Contact: David Cachia, Chief Information Officer, 905-623-3379 x2230 or dcachia@clarington.net. Attachments: Attachment 1: CP-XXX Use of Technology Interested Parties: There are no interested parties to be notified of Council's decision. Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 1 of 8 Number: CP-00# Title: Council Use of Technology Type: Technology and Communication Sub-type: Information Security Owner: Finance and Technology Information Technology Approved By: Council Approval Date: Click or tap to enter a date. Effective Date: November 15, 2026 Revised Date: Click or tap to enter a date. Applicable to: Council 1.Legislative or Administrative Authority: 1.1. Section 11 of the Municipal Act states that a lower-tier municipality may pass by-laws respecting the following matters, among others: 1. Governance structure of the municipality and its local boards. 2. Accountability and transparency of the municipality and its operations and of its local boards and their operations. 3. Financial management of the municipality and its local boards. 4. Public assets of the municipality acquired for the purpose of exercising its authority under this or any other Act. 1.2. Section 270(1)(5) of the Municipal Act states that “a municipality shall adopt and maintain policies with respect to the manner in which the municipality will try to ensure that it is accountable to the public for its actions, and the manner in which the municipality will try to ensure that its actions are transparent to the public.” 2.Purpose: 2.1. The Municipality must ensure the risks associated with inappropriate, or unauthorized, use of computer technology are adequately managed to protect the Municipality, provide transparency, and ensure accountability. Attachment 1 to Report FSD-001-26 Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 2 of 8 3. Policy Requirements: 3.1. This policy aligns with the principles of good governance, transparency, and accountability as outlined in the Municipal Act, 2001 and supports Council Members in fulfilling their roles effectively through the appropriate use of technology. 4. Scope: 4.1. This Council Policy applies to all elected officials or delegates from those officials who use technology, which includes, but is not limited to, desktops, laptops, mobile devices, the Internet, intranet, software, email, telephones, voice mail, and related equipment. 5. Definitions: 5.1. Extended Leave – means any planned, or unplanned, absence from Council duties lasting 30 consecutive calendar days or more, excluding scheduled recesses or holidays formally adopted by Council. 5.2. Intranet (The Hub) – means a local, or restricted, communications network created for Municipal use only. The Municipality’s intranet is a SharePoint site known as “The Hub”. The IT Support portal is accessed through The Hub. 5.3. IT – means the Information Technology Division within the Finance and Technology Department. 5.4. Multi-factor Authentication (MFA) – means an authentication method that requires the user to provide two or more verification factors to gain access to a resource, such as an application, online account, or a VPN. 5.5. Municipal Device – means any electronic equipment owned by the Municipality that can acquire, store, process, analyze, or transmit data electronically, including desktop computers, laptops, tablets, smartphones, cameras, printers, and storage media. 5.6. Municipal Purposes – means any activity, transaction, communication, or function undertaken by a Member of Council to perform their official duties, or that directly or indirectly supports the governance, operations, programs, or services of the Municipality of Clarington. Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 3 of 8 5.7. VPN - means “virtual private network” and protects its users by encrypting their data and masking their IP addresses. 6. Policy Requirements: Responsibility of Members of Council 6.1. The Municipality provides technology for Municipal purposes. Members of Council are expected to exercise sound judgement and professionalism in the use of all Municipal technology. 6.2. Members of Council are assigned a computing device (i.e. laptop or tablet) and mobile phone and shall use it to conduct Municipal business. 6.3. Members of Council are responsible for the Municipal devices’ care and security. Members of Council must immediately report any lost or stolen Municipal device to IT. Failure to promptly report a lost or stolen device could increase the Municipality’s exposure to security or privacy breaches. 6.4. Members of Council may be financially responsible for Municipal technology that is lost, stolen, or damaged due to negligence or misuse. 6.5. Members of Council should be aware that all use of the Municipality’s technology is subject to monitoring as described in MD-019 Electronic Monitoring. 6.6. Members of Council must ensure that they lock, or log off, any device each time they have completed using it. 6.7. Members of Council shall report any inappropriate use, or unusual activity, to IT. 6.8. There may be times when a Member of Council’s use of the Internet, email, devices, and/or documents is reviewed and/or documented for legal and/or employment reasons, such as a Freedom of Information request or subpoena. It is the Member’s responsibility to comply with these requests. 6.9. The Municipal Intranet site, The Hub, has an IT Support Site where Members of Council can submit requests for IT issues. Members of Council shall use that site to convey such requests. Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 4 of 8 6.10. The Municipality ensures that all devices are equipped with up-to-date security protection. If any security threat or issue is detected or suspected, Member’s shall notify IT immediately. Passwords and Multi-Factor Authentication (MFA) 6.11. Each Member of Council will be given an individual account name and are required to have a confidential password. Passwords are NOT to be shared. The network may prompt an individual to change the password as per policy or as required by IT Security. 6.12. Passwords must follow current Municipal protocols. Members of Council should not use proper names, places, or personal information that others could determine. Members of Council should use a complex passphrase, for example “Closet-lamp-Bathroom-Mug”. Council Members are responsible for using their account and are fully liable for its use. 6.13. All individuals must use Multi-Factor Authentication (MFA) if technologically available to add additional security to their accounts and systems. MFA requires the Microsoft Authenticator app to be installed and configured on the individual’s mobile device and Azure MFA to be enabled for the account by IT. 6.14. Where possible, Council Members are encouraged to use biometric passwords (facial recognition, fingerprint recognition) or passkeys to further enhance security capabilities in technology. Internet and Intranet 6.15. The Internet is a public medium. Members of Council accessing the Internet and external email through the Municipality’s internet service will be representing the Municipality of Clarington to the outside world and should act in accordance with the Council Code of Conduct. Each Member of Council is responsible for protecting the security and integrity of its corporate information. 6.16. Council Members shall not download inappropriate material or visit inappropriate websites (including online gaming, entertainment services, pornographic material and sites.) 6.17. Council Members shall not use Municipal technology resources for personal or financial gain. Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 5 of 8 6.18. Council Members shall not use Municipal technology resources to harass, intimidate, or discriminate against individuals. 6.19. Council Members shall not download, store, or transmit material infringing copyright, trademark or other proprietary right. 6.20. Council Members shall not post or transmit proprietary or confidential information related to clients, suppliers, vendors, allied parties, or other parties. 6.21. Council Members shall not download programs for installation on the Municipality’s devices. IT is responsible for the installation and maintenance of all programs and IT assets. 6.22. Access to corporate resources (including Microsoft 365 and VPN) is restricted by country to protect the Municipality’s systems and data. Before traveling outside Canada, Members of Council shall submit a Travel Notice through the Service Desk, if a municipal device will be taken outside of Canada. Access from countries identified as presenting elevated cybersecurity or espionage risks or other jurisdictions under Canadian government advisories or international sanctions) is prohibited. Email 6.23. When retrieving email or other electronic information, always exercise extreme caution, especially if attachments are from an unrecognized source. Never open these files. Some files contain viruses and can endanger our network. Members of Council shall report suspicious emails through the Microsoft 365 Outlook reporting function for spam or phishing emails. If unsure, contact IT for advice. 6.24. Members of Council shall properly observe and maintain the usage limits set by IT and periodically clean and delete obsolete or outdated electronic data or information. Members of Council shall comply with the Records Retention Schedule. 6.25. Members of Council shall not forward, or share, Municipal email or digital communications to unauthorized recipients, including personal accounts (e.g. Gmail, Yahoo). Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 6 of 8 Ownership of Electronic Information 6.26. All communications sent, or received, via any Municipal electronic communication tool are the legal property of the Municipality of Clarington or the social media host in the instance of social media. There should be no expectation of privacy on any electronic communication or information. 6.27. The municipality may use, or disclose, the contents of electronic communication obtained per this Council Policy for any legitimate Municipal purpose without the originator's or recipient's permission. 6.28. Without prior authorization, the Municipality’s system, hardware, or any other communication device shall not be made available to third parties (including suppliers, customers or the public). 6.29. Members of Council shall not use any free internet email addresses/ accounts or external mailing and messaging systems to conduct municipal business. 6.30. Members of Council may use instant messaging/texting (e.g., Teams) for transitory communications only. This form of communication is not appropriate for business decisions and is not compliant with official corporate record keeping. Administration 6.31. All municipally owned technology must be returned to IT should the Member of Council no longer hold office on, or before, the last day of their service. If the Member of Council goes on extended leave the municipal device shall be returned to IT until their return. 6.32. Information Technology is a rapidly evolving subject matter. This policy will be regularly reviewed and changed as the technology landscape changes. Device Guidelines 6.33. Only software sanctioned by IT is to reside on Municipal devices. IT staff is to install and set up the software. 6.34. IT will perform system audits. IT will remove inappropriate software, and the appropriate member will be notified of the violation. Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 7 of 8 6.35. IT shall maintain secure baseline configurations for all corporate devices and ensure the timely application of security patches and updates. 6.36. IT reserves the right to remove any software it feels presents a security risk or other threat to the network. IT must approve new software. 6.37. Only hardware approved by IT is to reside on the Municipal network. IT staff is to install and set up any new hardware. 6.38. If equipment is no longer needed, contact IT to arrange for collection by submitting an IT Service Request. 6.39. Incidental and occasional personal use of Municipal technology is permissible provided it: • does not interfere with workplace productivity or the Municipality’s systems or business operations, • does not pre-empt any Municipal business, • is lawful, • is not used for purposes related to elections, in accordance with the Use of Corporate Resources for Election Purposes Policy. Technology Access, Training, and Accountability 6.40. For current Members of Council, the Use of Technology policy will be delivered electronically annually for the Member of Council to review and sign. 6.41. All Members of Council who require access to technology will be required to read this policy and sign the “Information Technology Acceptance Agreement” form (Appendix A). 6.42. All Members of Council are required to complete mandatory training as required by IT. This includes annually acknowledging and agreeing to published technology management directives, and completing mandatory cybersecurity training when prescribed, as well as annual cyber awareness training. Council Policy If this information is required in an alternate format, please contact the Accessibility Coordinator at 905-623-3379 ext. 2131 Page 8 of 8 7. Roles and Responsibilities: 7.1. Members of Council are responsible for: 7.1.1. Reviewing this policy annually. 7.1.2. Completion of annual cyber security awareness training. 7.1.3. Signing and agreeing to this policy. 7.2. Chief Administrative Officer (CAO) is responsible for: 7.2.1. Ensuring Staff compliance with this Council Policy. 7.3. Chief Information Officer is responsible for the following within their scope of authority: 7.3.1. Maintaining clear guidelines on the use of technology. 7.3.2. Promoting a culture of cybersecurity awareness and the proper use of technology. 7.4. Implementing strategies to mitigate risks. 7.5. Reviewing this Council Policy annually in conjunction with IT Security to ensure alignment with evolving risks and that it is based upon industry best practice. 8. Inquiries: 8.1. Deputy CAO/Treasurer, Finance and Technology 8.2. Chief Information Officer, Finance and Technology 9. Revision History: TBD Initial Policy Created Council