You're viewing an updated version of this site - your feedback will help us to improve it.


Data storage, sharing and security – The danger of using BCC in emails

Hand pushing virtual mail button on digital background

The Information Commissioner’s Office (ICO) have updated their guidance for data storage, sharing and security for small organisations.

Think carefully about when to use BCC (blind carbon copy) when sending emails to multiple addresses.

Failure to use BCC correctly in emails is one of the top data breaches reported to the ICO every year – and these breaches can cause real harm, especially where sensitive personal information is involved. 

When you use the ‘BCC’ field to send an email, the recipients can’t see each other’s email addresses. You can use this if the personal information you’re sharing isn’t sensitive and there’s little risk. But if your email may reveal sensitive information about the recipients, you should assess whether using other secure methods would be more appropriate.

Under data protection law, organisations must have appropriate technical and organisational measures in place to ensure personal information is kept safe and not inappropriately disclosed to others.

For further information please select the following link: Data storage, sharing and security | ICO

Business Wales Helpline

03000 6 03000

Lines are open 10am to 4pm Monday to Friday.

Rydym yn croesawu galwadau’n Gymraeg.
We welcome calls in Welsh.