The UK’s Information Commissioner is calling on authorities to stop using Microsoft Excel when responding to Freedom of Information Act (FOI) requests.
According to Commissioner John Edwards, the concerns stem from a number of breaches that have occurred as a result of using Excel.
The notice follows a number of recent high profile personal data breaches, where personal information was inadvertently included in spreadsheets that were shared as part of a FOI response.
The Commissioner advises that authorities stop using Excel for such requests, as well as stop using spreadsheets with hundreds or thousands of rows. The Commissioner urges authorities to instead invest in proper data management solutions.
“The recent personal data breaches are a reminder that data protection is, first and foremost, about people,” said Commissioner Edwards. “We have seen both the immediate and ongoing impact that the release of such sensitive personal information has had on the individuals and families involved, and that is why I have taken this action.
“It is imperative that robust measures are in place to protect personal information. The advice we have issued sets out the bare minimum that public authorities should be doing to protect personal data when responding to information access requests, and to reassure the people they serve, and their staff, that their information is in safe hands.”
The advisory is the latest issue to raise concerns about Microsoft’s security. The company has had a number of embarrassing incidents recently, including US government email addresses being compromised by Chinese hackers.
Excel has long been an attack vector that hackers have exploited. While Microsoft has tried to shore up its security, there’s clearly still much to do.