What does this cover?
Last month we reported on the ICO's publication of guidance – 'How to disclose information safely: Removing personal data from information requests and datasets' (the Guidance). The publication was aimed to help organisations respond to subject access requests and to assist public organisations respond to Freedom of Information and Environmental Information Regulations. Examples were provided of previous disclosures that had failed to satisfactorily protect data and it gave an overview of the statutory requirements for removing personal data.
This month, in a blog, which follows on from the Guidance and discusses why the Guidance was necessary, the ICO's Group Manager for Technology, Simon Rice, discusses the "dangers of hidden data". Much of the blog mirrors the "hidden data" advice in the Guidance but the blog provides a briefer, easily accessible summary of some of the things that business should be thinking about when it comes to providing information and ensuring that personal data is not inadvertently disclosed.
Simon Rice advises companies that, for instance "With spreadsheets, personal information can be hidden in plain sight. A hidden column is easily revealed, providing more information that you had intended. Check for hidden content, or use simple text formats like CSV files"
To view the ICO blog, please click here.
What action could be taken to manage risks that may arise from this development?
Financial services companies should review the guidance and blog against existing policies. An update to company policy may be required.