The UK government has issued a warning to people to stop using spreadsheet software such as Microsoft Excel due to multiple data breaches. The Information Commissioner’s Office (ICO) has identified spreadsheets as a major cause for concern in the safety of personal information.

Causes of Data Breaches

The warning comes in the wake of a surge in data breaches caused by Freedom of Information (FOI) requests, with incidents including the leaking of personal information pertaining to witnesses, suspects, and victims in several crimes. The ICO has advised public bodies to stop using spreadsheets when responding to requests made under the Freedom of Information Act 2000 (FoI). 

Personal information is exempt from release and should be redacted before the request is actioned. However, there have been numerous cases where employees have not received enough training to fully redact spreadsheets before release. Breaches such as these show that data is not just at risk from hackers but also from general incompetence and highlight the importance of cyber literacy within organizations.

Recommendations from ICO

The ICO has issued several recommendations to organizations, including immediately stopping uploading original source spreadsheets to online platforms used to respond to FOI requests, continually providing training to staff who are involved with disclosing information, and avoiding using spreadsheets with hundreds or thousands of rows and instead investing in data management systems which support data integrity. 

What next?

The recent personal data breaches are a reminder that data protection is, first and foremost, about people. Robust measures must be in place to protect personal information. The advice we have issued sets out the bare minimum that public authorities should be doing to protect personal data when responding to information access requests, and to reassure the people they serve, and their staff, that their information is in safe hands.