Organisations responding to Subject Access Requests may be disclosing documents containing large amounts of information to the public.

Personal information can be hidden or not immediately visible in documents. If they are not checked properly, it may be disclosed by accident – sometimes with serious consequences.

The ICO guidance includes practical steps and how-to videos to help organisations understand how to check documents, including spreadsheets, for hidden personal information and reduce the risk of a data breach.

The new guidance includes simple checklists and how-to videos, covering topics such as:

• Deciding an appropriate format for disclosure to the public
• Finding various types of hidden personal information including hidden rows, columns and worksheets, metadata and active filters
• Converting documents to simpler formats to reveal hidden data
• Avoiding using ineffective techniques to keep information secure
• Using software tools designed to help identify hidden personal information (such as Microsoft Document Inspector)
• Reviewing the circumstances of a breach to prevent a recurrence
• Removing and redacting personal information effectively

Read the full guidance on avoiding data breaches on the ICO website.