The Information Commissioner’s Office (ICO) has published new guidance to help organisations disclosing documents to the public to do so securely, minimising the risk of accidental breaches of personal information.
Many organisations regularly need to disclose documents containing large amounts of information, for example when responding to Subject Access Requests or handling Freedom of Information requests. The new guidance is the ICO’s most current and comprehensive resource on avoiding accidental data breaches when disclosing documents to the public.
Personal information is not always immediately visible in documents. This can lead to data breaches if documents are not checked properly before they are disclosed. The guidance includes practical steps to help organisations understand how to check documents, including spreadsheets, for hidden personal information. It includes simple checklists and how-to videos, covering topics such as:
- deciding an appropriate format for disclosure to the public;
- finding various types of hidden personal information, including hidden rows, columns and worksheets, metadata and active filters;
- converting documents to simpler formats to reveal hidden data;
- avoiding using ineffective techniques to keep information secure;
- using software tools designed to help identify hidden personal information, such as Microsoft Document Inspector;
- reviewing the circumstances of a breach to prevent a recurrence; and
- removing and redacting personal information effectively.
While the guidance is designed to support organisations with disclosing documents to the public, the practical advice included will help all organisations to avoid data breaches in any situation where they are disclosing or sharing documents.