There are several ways personal data can be stored in a file and disclosed by mistake.
However, exporting data to simple file formats such as CSV (Comma Separated Value) and using the inspect worksheet function can highlight potential unauthorised disclosures.
Mistakes can be made in the redaction process and other file types such as email or images can contain additional meta-data.
The simplest case of data being disclosed in error can occur when it is not immediately visible on screen but elsewhere within the file. This can be due to design choices or formatting styles. Within a template, a user might have chosen to hide certain data by setting the font colour to the same as the background (eg white on white or black on black). While this prevents personal data being disclosed on a printed version of the file it will still remain within the source file. The personal data is at risk of unintended disclosure if the electronic version is distributed. Highlighting the text or changing the font colour will expose it.
This data is at risk if the electronic version is distributed. Highlighting the text or changing the font colour will expose it.
When disclosing information under FOI or in response to a subject access request, it may be necessary to redact certain information. In particular you should consider whether the information requested contains personal data. The ICO’s advisory note - which places a moratorium on the disclosure of original source spreadsheets to online platforms – includes a number of useful reminders and links on the safe disclosure of information.
Spreadsheet eg xls(x), ods
Word processor eg doc (x), odt
Presentation eg ppt(x), odp
Email eg mbox, msg
Image and video eg jpg, avi
To download a copy of this document as a pdf Download PDF