Protecting data in emails

From 30 June 2017, all NHSBT emails sent to people outside the organisation will be scanned automatically to determine whether they contain data considered to be confidential.

Emails sent internally within NHSBT will not be scanned.

With over 13,000 confidential external emails sent each month, the goal is to protect us from an accidental information breach.

Email will be quarantined if it contains:

  • Large spreadsheets
  • A database
  • National Insurance numbers
  • An archive of information or files
  • Information matching the UK Data Protection Act or new European Data Protection Regulation classification

Further types of confidential email will be added in the future to improve NHSBT’s security.

You will receive an automated warning email if your email is quarantined, giving you the option to send or cancel it.

Emails which you title as confidential or sensitive confidential sent externally will still generate a password for recipient release. It is possible that such email will be caught in the above filters, requiring you to confirm that you still wish to send it.

If you have any technical difficulties related to Data Leak Protection, please call the IT Service Desk on 58777.

Your Legal Duty under the Data Protection Act
Protecting the information held by NHSBT, the reputation of NHSBT, the privacy of donors and colleagues is paramount, and the introduction of Email Data Leak Protection will help reduce the risk of an accidental data breach. The consequences of a breach are serious and could result in a fine for NHSBT, a colleague, or both, so please make sure you are aware of your information security responsibilities familiarising yourself with the NHSBT Information Security Policy POL10, Section 3.3.


If you have any questions about the policy, please contact Barry Richardson, Head of Information Security.


Leave a Reply

Your email address will not be published. Required fields are marked *



You Might Also Like