The UK Information Commissioner's Office (ICO) has issued a directive for immediate cessation of Microsoft Excel spreadsheet usage to publish Freedom of Information (FOI) data. This decision aligns with the regulator's move to prevent serious data breaches and secure sensitive personal information. The ICO has sent an advisory notice to all public bodies concerning the inadvertent disclosure risks of personal data through spreadsheets with FOI requests responses.
Alternative Measures for Data Protection
In light of the recent breaches involving the Police Service of Northern Ireland and Norfolk and Suffolk police constabularies, the ICO urges the use of alternative methods to mitigate personal data risk. These breaches led to the accidental exposure of confidential information stored within spreadsheets in response to FOI requests.
The ICO, emphasizing the urgency of this issue, has advised all public authorities to employ robust measures to protect personal information. John Edwards, the Information Commissioner, highlighted that the main concern of data protection pertains to individuals.
He further expressed the necessity of these measures, stating “The advice we have issued sets out the bare minimum that public authorities should be doing to protect personal data when responding to information access requests, and to reassure the people they serve, and their staff, that their information is in safe hands.”
Risks to Domestic Abuse Victims through Data Breaches
This advisory follows the ICO's warning on the potential dangers posed by data breaches, particularly exposing the personally identifiable information (PII) of domestic abuse victims. The ICO insists on organizations that deal with the PII of abuse victims to adequately train their staff and establish systems to prevent such instances.
With the severe implications of personal data breaches coming to light, the ICO's directive for a switch from spreadsheet use towards safer data handling systems emphasizes its dedication to data protection. The detailed advice guides public authorities on minimum standards to meet, ensuring the safety of the public's personal data.