"I do not believe it makes sense to say that [Excel spreadsheets]* are inherently evil. In certain circumstances, they can play a positive role - as they have in the past. But clearly they have a power to do great harm." Des Browne, UK Defence Minister.
If you want to engineer a really good privacy breach, grab all your customers' data and put it in a poorly secured Excel spreadsheet. Combine this with a lax approach to data loss prevention in your email client, and some kind soul in your office will eventually, accidentally, do you the favour of emailing it out to somebody who shouldn't have it.
Here at the Office of the Privacy Commissioner we'd really rather you didn't do that.
If you hold large amounts of personal information and you're using spreadsheets to corral it all, you're opening yourself up to user error and possibly breaching your obligations under the Privacy Act. We're not advocating that you revoke your subscription to Office 365 and revert to paper files and locked drawers, but we're saying use spreadsheets wisely.
In the data breaches reported to OPC involving spreadsheets sent by email, the number of individuals affected per breach has ranged from dozens to thousands. While some of the systems involved had data loss protection or security procedures in place, there were holes, and user error always finds a way.
If you have to maintain a database, you should be thinking about a purpose-built database management system. That way, when you query it, you're just generating the results you need, not hunting and pecking your way through a bloated spreadsheet.
This approach can also help lay the groundwork for a more customer-driven solution to accessing records. It's not always going to be an appropriate solution, but letting the customer access their own information through a web service will minimise the chance of them being accidentally emailed their information along with 900 other customers' details.
If you must use spreadsheets, don't email them around. Export the data you need from the spreadsheet and just send what you need. Convert the sheet to PDF or put the data directly into a table in the email if it's a small enough set. If the receiver doesn't need all the underlying formulae, it potentially doesn't need to go out in worksheet form.
Finally, if you absolutely need to email a spreadsheet to someone, protect it. For instance, Excel has a built-in function to password protect files. Yes, it's barebones, but it's better than nothing. Consider a pop-up notification when files are being sent to external recipients, or maybe have employees rigorously curate the email addresses that populate the auto-complete function in Outlook. The more data loss prevention tools you use, the lower the probability of a breach.
Whatever you choose, make sure it fits how you do business - Outlook pop-ups are no use if everyone in the office is handling email through iOS Mail.
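As an added illustration of two of the controls above (not part of this post, and not a description of any particular mail client's feature), the Python below models an outbound check that flags spreadsheet attachments addressed outside the organisation, and an export step that keeps only the columns, and optionally only the one customer's row, that the recipient actually needs. The internal domain and the customer records are constructed sample values.

```python
"""Outbound spreadsheet check and data-minimising export (added example)."""
import csv
import io

INTERNAL_DOMAINS = {"example.govt.nz"}  # constructed: the sending organisation's domain(s)
SPREADSHEET_EXT = (".xls", ".xlsx", ".xlsm", ".csv", ".ods")


def external_recipients(recipients):
    """Return the addresses whose domain is not one of ours."""
    return [a for a in recipients
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def check_outbound(recipients, attachments):
    """Warnings a mail client could show before the send button does its work."""
    warnings = []
    outside = external_recipients(recipients)
    sheets = [a for a in attachments if a.lower().endswith(SPREADSHEET_EXT)]
    if outside and sheets:
        warnings.append(f"spreadsheet(s) {sheets} addressed to external recipient(s) {outside}")
    return warnings


def minimise_export(csv_text, needed_columns, keep_row=None):
    """Re-export a CSV with only the needed columns and (optionally) matching rows.

    Unknown column names raise, so a typo cannot silently widen the export.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = set(needed_columns) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"unknown columns: {sorted(missing)}")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(needed_columns),
                            extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    for row in reader:
        if keep_row is None or keep_row(row):
            writer.writerow({k: row[k] for k in needed_columns})
    return out.getvalue()


# Constructed sample export: more fields than any single recipient should get.
SAMPLE_CSV = (
    "customer_id,name,email,dob,balance\n"
    "1,Ann Example,ann@example.com,1980-01-01,120.50\n"
    "2,Bob Example,bob@example.com,1975-06-15,0.00\n"
    "3,Cy Example,cy@example.com,1990-12-31,45.10\n"
)

if __name__ == "__main__":
    print(check_outbound(["someone@gmail.com"], ["customers.xlsx"]))
    print(minimise_export(SAMPLE_CSV, ["name", "balance"],
                          keep_row=lambda r: r["customer_id"] == "2"), end="")
```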
When it comes to solutions, what you really want is to create a culture where people think about what they're sending, where they'll regularly check the addressee details and the attachment contents.
Part of the solution is changing the way you talk and think about data. A spreadsheet isn't just a collection of data entries, it's people's contact details, medical information, or financial records.
You need to change things up enough that people don't just send things out on auto-pilot. This can take time, so it needs IT support to hold it all together. You don't want employees triggering a catastrophic event by accidentally pressing the big red button - so design your system so that they're not left in the room with it.
*Browne was actually referring to nuclear weapons.
Image credit: American man Syd Connelly and his winning safety slogan (1953 Library of Virginia, Creative Commons licence).