Skip to main content

NHS Secure Boundary


Why and how we process your data in the NHS Secure Boundary and your rights.

Controller NHS Digital (Independent Controller and Processor) NHS Organisations that use the service (Independent Controllers)
How we use the information (processing activities)

The NHS Secure Boundary is a service managed by NHS Digital to improve the detection of cyber security threats to NHS organisations’ internet breakout traffic. The primary purpose of the solution is to protect NHS organisations, employees and patients when accessing services on the internet from malicious content, such as malware and phishing websites. NHS Digital is primarily providing this service as a processor on behalf of the NHS organisations who use the service. NHS Digital is also an independent Controller for specific processing activities such as determining firewall rulesets which cannot be overridden by the NHS organisations that use the service. Accenture, Palo Alto and Imperva are sub-processors of the data under contracts with NHS Digital. The types of data processed by the service include: • internet traffic data (Source/destination IP address; packet content (which may include personal and special category data (relating to health)) • internet traffic metadata about websites or internet services accessed by users including staff (usernames, email address, IP address) • directory data to match internet traffic to specific users to provide audit and access control.

Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

NHS Digital may report to other public bodies and Government Authorities e.g. Department of Health and Social Care, NHS England, NHS X an aggregate view of the data e.g. Region X has had 1025 cyber-attacks in January 2019. This will not contain any personal or special category data.

Is data transferred outside the UK? • The data collected by the NHS Secure Boundary solution is stored in the UK but may be accessed by Accenture, Palo Alto and Imperva from within and outside the EU. NHS Digital use EU Model Standard Contractual Clauses for international transfers with Accenture, Palo Alto and Imperva. • Accenture’s Service Now incident management tool used to monitor and track service incidents is hosted in the US. Staff which access the data may be in the US, India or Australia. Service Now is covered by the EU-US Privacy Shield Framework • Palo Alto’s service ticketing system is hosted in the US and is covered by the EU-US Privacy Shield Framework.
How long the data is kept Internet traffic The content of Internet traffic is scanned for security purposes but is not normally retained. The only exception is where individual files are scanned to determine whether they contain malicious data, these are retained for up to 2 weeks Internet Traffic Metadata Metadata describing the websites and other Internet services accessed by a user may be retained for up to 6 months Malicious Data The signature of files that are identified as malicious (ransomware, spyware, etc.) are retained for 10 years as they are then constantly analysed and compared to new strains of threats being seen. No personal data is retained, only the signature of the file. Non-malicious data Clean files are deleted within 14 days.
Our lawful basis for holding this data Public task
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Tick Object to it being processed or used
  • Tick Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent is not the basis for processing.


Where does this data come from? The data is collected from NHS Organisations that use the service as a result of inspecting their network traffic for the security purposes of the solution.
The legal basis for collecting this data


Article 6 (1) (e) - Public task 
Article 9 (2) (g) - Substantial public interest
Article 9 (2) (h) - Management of health or social care systems and services.

DPA 2018

Schedule 1, Part 1 (2) (2) (f) - Health or social care purposes
Schedule 1, Part 2 (6) - Statutory and government purposes.

Where NHS Digital uses this data