The Information Commissioner’s Office (ICO) has published guidance to help organisations safely disclose documents to the public. 

The ICO explains that the guidance is intended to address the risks of accidently disclosing documents containing hidden personal information to the public, for example when publishing documents online, sending documents to a customer, or responding to an information request. 

In addition to reminding organisations generally how to comply with the data protection principles in order to avoid accidental breaches, the guidance concentrates on steps that organisations can take to ensure that such breaches don’t occur where personal information is ‘hidden’ in documents. This includes the use of software tools to check documents, converting documents to simpler formats, and simply checking for and removing personal information that has been inadequately hidden using commonly used – but ineffective – techniques. 

Helpfully, the guidance contains a range of practical examples of how organisations can take these steps, including specific advice on how to remove personal information from spreadsheets, and links to support pages from Microsoft. Organisations are also encouraged to have policies and procedures in place to help staff redact information securely and respond to any breaches effectively, and the guidance provides advice on how to ensure that documents are redacted properly. 

Finally, the ICO has produced a series of checklists, setting out the measures that organisations must, should, or could take to avoid an accidental breach when personal information is ‘hidden’, together with separate checklists for spreadsheets and the application of redactions. 

To read the guidance in full, click here.