The UK Data Commissioner’s Workplace (ICO) has referred to as for a direct finish to the usage of Excel spreadsheets to publish Freedom of Data (FOI) information within the wake of significant information breaches. The information safety regulator issued an advisory discover to all public authorities in regards to the dangers of non-public data inside spreadsheets being disclosed inadvertently in response to FOI requests. The ICO mentioned that various approaches must be used to mitigate danger to private data.
The advisory comes after the Police Service of Northern Eire and the Norfolk and Suffolk police constabularies each just lately suffered unintended information breaches that uncovered extremely delicate data saved in spreadsheets following FOI requests.
Various approaches must be used to mitigate danger to private data
As a “matter of urgency,” the ICO suggested all public authorities to:
- Implement a moratorium on the disclosure of authentic supply spreadsheets to on-line platforms in response to FOI requests
- Convert spreadsheets and delicate metadata into open reusable codecs resembling comma-separated worth (csv) recordsdata
- Keep away from utilizing spreadsheets with a whole lot or hundreds of rows and put money into information administration methods which assist information integrity
- Frequently prepare employees who use widespread information software program and are concerned in disclosing data
- Be sure that there isn’t any surprising information included if the unique format must be maintained to protect helpful macros and equations
- All the time disclose data in probably the most applicable and safe format, this will likely contain copying data into a distinct file format
Authorities should have “strong measures” in place to guard private data
“The current private information breaches are a reminder that information safety is, at the start, about individuals,” mentioned John Edwards, Data Commissioner. “We now have seen each the instant and ongoing influence that the discharge of such delicate private data has had on the people and households concerned, and that’s the reason I’ve taken this motion.”
It’s crucial that strong measures are in place to guard private data, he added. “The recommendation we have now issued units out the naked minimal that public authorities must be doing to guard private information when responding to data entry requests, and to reassure the individuals they serve, and their employees, that their data is in secure fingers.”
In the identical week, the ICO warned of the potential dangers to life posed by information breaches exposing the personally identifiable data (PII) of home abuse victims. The information privateness regulator urged organizations dealing with the PII of home abuse victims to take duty for coaching their employees and placing applicable methods in place to keep away from such incidents.
