Skip to main content
Hafan

New guidance on disclosing documents to the public

  • Date 31 July 2025
  • Type News

We have today published new guidance to help organisations disclose documents securely.  

From public authorities handling Freedom of Information requests to organisations responding to Subject Access Requests, many need to regularly disclose documents containing large amounts of information to the public.  

Personal information can be hidden or not immediately visible in documents. If they are not checked properly, it may be disclosed by accident – sometimes with serious consequences.  

Our guidance includes practical steps and how-to videos to help organisations understand how to check documents, including spreadsheets, for hidden personal information and reduce the risk of a data breach.  

Emily Keaney, Deputy Commissioner at the ICO, said:

“We have seen a number of serious data breaches, including at the Police Service of Northern Ireland and the Ministry of Defence, which have involved documents being disclosed without proper checks for hidden personal information – this crucial step cannot be missed.  

“All organisations must have robust measures in place to protect the personal information they hold and prevent it from being inadvertently disclosed. We are committed to providing clear guidance to help organisations get this right, reducing the margin for mistakes and making it second nature to check documents for hidden personal information.”  

The new guidance is the regulator’s most current and comprehensive resource on avoiding accidental data breaches when disclosing documents to the public, replacing an advisory note issued in the immediate aftermath of high-profile data breaches in 2023.  

It includes simple checklists and how-to videos, covering topics such as:  

  • Deciding an appropriate format for disclosure to the public 
  • Finding various types of hidden personal information including hidden rows, columns and worksheets, metadata and active filters 
  • Converting documents to simpler formats to reveal hidden data  
  • Avoiding using ineffective techniques to keep information secure 
  • Using software tools designed to help identify hidden personal information (such as Microsoft Document Inspector)  
  • Reviewing the circumstances of a breach to prevent a recurrence 
  • Removing and redacting personal information effectively 

We are engaging directly with key stakeholders, including Government, to increase visibility of the guidance amongst those who need it.  

While the guidance is designed to support organisations with disclosing documents to the public, the practical advice will also help all organisations avoid accidental data breaches in any situation where they are disclosing or sharing documents.  

The regulator also has a wealth of guidance on data sharing, including a Code of Practice, to help organisations sharing personal information.   

Find out more about the real impact a data breach can have on people’s lives with our Ripple Effect campaign.  

Read the new guidance here.  

Notes to editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.  
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.    
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to  ico.org.uk/concerns.