Checklist: How do we avoid an accidental breach when personal information is hidden in spreadsheets
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
You are responsible for complying with your obligations under the UK GDPR and Data Protection Act 2018 (DPA 2018) and, where relevant, other information rights legislation, including the Freedom of Information Act 2000 (FOIA). Whilst we make every effort to make sure this guidance is accurate at the time of publication (31 July 2025), we make no guarantees or representations that it will remain up-to-date or ensure compliance. Where appropriate, seek further guidance or advice before disclosing information in the specific circumstances. If you would like to suggest improvements to this guidance, please leave us feedback.
Steps you must take:
☐ We have appropriate data protection policies and procedures to help staff disclose information in spreadsheets securely and respond to accidental breaches effectively.
☐ We keep personal information secure in spreadsheets using appropriate methods (eg passwords and secure redaction techniques) (see also redaction checklist).
☐ We comply with relevant obligations under information access and data protection legislation, if we need to remove personal information from a spreadsheet or consider an appropriate format in which to disclose it.
Steps you should take:
☐ We give staff appropriate data protection training about disclosing information in spreadsheets securely and how to report breaches, including induction and regular refresher training.
☐ We avoid using ineffective techniques to keep information in spreadsheets secure. For example, we don’t:
- hide rows, columns and worksheets;
- move personal information into remote columns or rows; and
- use passwords that only prevent others from editing or using a worksheet or workbook, instead of a strong file-level password that prevents access.
☐ We check information in spreadsheets appropriately for hidden personal information before disclosing them, considering the circumstances, including the risk of harm if personal information was accidentally disclosed.
☐ We know how to remove and redact personal information effectively, when appropriate (see also redaction checklist below), including:
- information (and any cache or temporary store of information) in features designed to summarise large amounts of information (eg Pivot tables and Pivot charts in Microsoft Excel);
- information (including any cache) in links to external sources (eg links to external workbooks in Microsoft Excel); and
- embedded information (eg data models in Microsoft Excel).
Steps you could take:
☐ We raise awareness within our organisation that there is, in general, a greater risk of accidentally disclosing hidden personal information in spreadsheets.
☐ We use software tools, where available, designed to help us find (and remove, where possible and appropriate) various types of hidden personal information in spreadsheets, including:
- hidden rows, columns and worksheets;
- active filters;
- features designed to summarise large amounts of information;
- embedded information; and
- links to external workbooks.
☐ We consider using data management systems, where possible, to make it easier to handle personal information securely and avoid very large spreadsheets.
☐ We convert spreadsheets, where appropriate, to simpler formats (eg csv files) to reveal all the displayable information.
☐ We check the file size is not larger than we would expect for the volume of information we intend to disclose.
☐ We use a retention schedule to help us identify when to remove or delete personal information permanently.
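As an added illustration of the software-tool check listed under "Steps you could take" (this code is not part of the guidance or any ICO tool), the following Python sketch inspects an .xlsx package for hidden worksheets, hidden rows and columns, filter ranges, pivot caches, external-link caches and embedded data models. The function names and the in-memory sample workbook are constructed for this example; the part paths are the standard Office Open XML locations.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS = "{" + MAIN + "}"
# Package folders holding pivot caches, external-link caches and data models.
PARTS = {"xl/pivotCache/": "pivot cache", "xl/externalLinks/": "external link",
         "xl/model/": "embedded data model"}

def find_hidden(xlsx_bytes):
    """Return sorted findings for one .xlsx package (a zip of XML parts)."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        for name in z.namelist():
            for prefix, label in PARTS.items():
                if name.startswith(prefix):
                    found.add(f"{label}: {name}")
            if name == "xl/workbook.xml":
                for s in ET.fromstring(z.read(name)).iter(NS + "sheet"):
                    if s.get("state") in ("hidden", "veryHidden"):
                        found.add(f"hidden worksheet: {s.get('name')}")
            elif name.startswith("xl/worksheets/") and name.endswith(".xml"):
                root = ET.fromstring(z.read(name))
                for tag, label in (("row", "hidden rows"), ("col", "hidden columns")):
                    if any(e.get("hidden") in ("1", "true") for e in root.iter(NS + tag)):
                        found.add(f"{label}: {name}")
                if root.find(NS + "autoFilter") is not None:
                    found.add(f"filter range: {name}")
    return sorted(found)

def sample_workbook():
    """Constructed sample holding only the parts the scanner reads."""
    ns = f'xmlns="{MAIN}"'
    parts = {
        "xl/workbook.xml": f'<workbook {ns}><sheets><sheet name="Summary" sheetId="1"/>'
                           f'<sheet name="Raw" sheetId="2" state="hidden"/></sheets></workbook>',
        "xl/worksheets/sheet1.xml": f'<worksheet {ns}><cols><col min="3" max="3" hidden="1"/>'
                                    f'</cols><sheetData><row r="2" hidden="1"/></sheetData>'
                                    f'<autoFilter ref="A1:C9"/></worksheet>',
        "xl/pivotCache/pivotCacheRecords1.xml": f"<pivotCacheRecords {ns}/>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__":
    print("\n".join(find_hidden(sample_workbook())))
```

Rows that a filter has excluded are also stored with the hidden flag, so they are reported as hidden rows. The sketch covers .xlsx and .xlsm packages only, not the older .xls or binary .xlsb formats, and a finding is a prompt for manual review rather than proof that personal information is present.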