7 hazards that need to be considered when disclosing information
Since the GDPR came into force, the general public have an increased awareness of their rights when it comes to their privacy and personal data.
As an organisation therefore, when you are dealing with Subject Access Requests (SARs), Freedom of Information (FOI) requests, or Environmental Information Regulation (EIR) requests, you need to pay extra attention to the information you are disclosing, else the penalties, reputational damage and general repercussions can be material.
When disclosing information there are a number of hazards that need to be considered. They include:
1. Charts with embedded data
A chart or summary table might not appear to contain any personal data on the surface, but it could in fact have a copy of the individual data points embedded within, making the data accessible with nothing more than a couple of clicks. Complex file types can also contain metadata which may not be appropriate for disclosure, such as photographs with embedded GPS coordinates or the routing information of an email.
2. “Invisible” text
It is easy for users to set the font colour in documents and other file types to be the same as the background (ie, white on white, or black on black etc). Whilst hiding data in this manner prevents personal data being disclosed on a printed version of the file, it will still remain within the source file. This personal data is at risk of unintended disclosure if the electronic version is distributed as simply by highlighting the text or changing the font colour will expose it.
3. Fringes of a file
Another example of where data might be hidden from obvious view is when it is placed in the fringes of a file where is it not expected to be found.
As an example, Microsoft Excel 2007 and upwards support up to 16,384 columns and 1,048,576 rows of data. A user might place data outside of the normal visible area with the aim to hide it from being displayed on a standard sized monitor. An entire worksheet can also be hidden from view. It is less obvious that a worksheet has been hidden as they can be renamed so it is more difficult to notice that a sequential number or letter is missing. However, relying on obscurity as a security measure is poor practice and not to be considered as an appropriate measure to prevent unauthorised access (as hidden sheets can be trivially unhidden).
4. Password-protection
Some software packages allow the author to password-protect specified fields, pages, columns, rows, worksheets or the entire file. Whilst this may afford some protection against accidental or unauthorised modification of the data it would only be considered appropriate protection against unauthorised or unlawful access if the personal data was protected with an appropriate encryption algorithm and the key or password has also remained a secret. Password protection which makes a file or data elements read-only may not fit this requirement.
5. “Save as PDF”
Blocking out text and using editing features (particularly in Word and PDF editing software applications), and then using the ‘Save as PDF’ or ‘Print as PDF’ function rarely provides effective redaction because the PDF file format can support formatting marks such as the highlighter.
Simply copying the highlighted text and pasting to a text editor will reveal the content because the formatting will not be copied across.
6. Email
The technical specification for email defines a number of required and optional fields of metadata.
Some of these are necessary for the successful delivery of the communication. Others exist as a record of the route used for delivery and others assist in virus scanning or SPAM identification.
If the sender’s or recipient’s email address or part of the email subject is due to be redacted it is good practice to remove this from the meta-data or remove the meta-data entirely.
Releasing the original electronic version of an email may also disclose any attachments, which also need to be checked to ensure they do not contain personal data that should not be disclosed.
7. Use of third party redaction services companies
It can sometimes be tempting and necessary to contract out redaction work to another organisation – this is often the case when photographic and/or video material needs to be redacted. If such assets are contracted out to another organisation to be reviewed and/or redacted the correct measures need to be in place with the contractor to ensure “data processing” rules are not breached and Principle 7 of the DPA is complied with. Such measures will almost certainly include the need to have a written and binding contract.
Next Step
To learn how Smartbox.ai can help you avoid these hazards, book a demo today.