16 April 2025

Data Sharing: Ways to Avoid a Data Breach 

By Chrissie Taylor, Information Governance Officer 

Data breaches never seem to be far away from the headlines. Recent incidents range from cyber security issues to the misplacement of physical files. 1 

Human error is a significant element of data breaches, these errors can arise from lapses of concentration and misuse of email and other systems. Despite the most robust records management systems, sophisticated cyber security systems and human monitoring and vigilance, human error remains a contributing factor in many data breaches. 

The Data Breach  

It was revealed in January that a school has been reported to the Information Commissioner’s Office after thousands of lines of sensitive student data within a spreadsheet was mistakenly shared with parents after they made a FOI request about an aspect of school procedures.2 The breach was compounded by the fact that special category data, information regarding student’s health, was shared.  

Risks Associated with Sharing Excel Spreadsheets 

The data in this particular breach was shared via a spreadsheet. Sharing data via excel spreadsheets can carry inherent risks. Indeed, the Information Commissioner’s Office issued guidance in 2023 advising public authorities against its use when responding to FOI requests.3

It can be easy to inadvertently share personal data when responding via this format especially if the data has been compiled by a colleague or another department. If excel spreadsheet is the only feasible means of data sharing, then it is crucial that the document is checked for unexpected data in hidden rows or columns and extra tabs which could contain third party personal data. It is also advisable to convert spreadsheets into other formats, such as Comma-Separated Value (CSV).  This format only exports visible fields and so can help to mitigate the risks of inadvertently sharing hidden rows and columns.  

Advice on the Safe Sharing of Data 

There are other simple steps that can be taken to ensure data is shared securely:  

  • Check the email recipient: Many data breaches occur through the use of email. Taking a pause to double check that the email is being sent to the correct recipient is an easy solution to the accidental sharing of data.  
  • Secure files: Encrypting or password protecting documents when sharing ensures that documents can only be read and accessed by authorised users.  
  • Document Naming Conventions: Ensure files are named appropriately and follow your organisation’s naming convention format. If files are correctly and appropriately named, then it is less likely that the wrong file will be mistakenly attached to an email.   
  • Data Sharing Guidance: Share the Information Commissioners Office (ICO) guidance on How to disclose information safely with colleagues or use it as part of regular communications.  

Overall, sometimes it is as simple as taking the time to double check the correct data is being shared with the correct recipient(s) that can prevent data breaches. This is in line with the principle of ‘check twice, send once’. 

Conclusion 

It is important to remember that behind the data there is a person and when personal data is accidently disclosed there is potential for anxiety and stress to be caused. For organisations, there is of course the risk of fines and reputational damage.  

This incident highlights the importance of having robust security measures in place to mitigate as far as possible any potential data breaches. By being cautious to hidden data in spreadsheets, seeking alternative file formats and taking pause for thought when sharing data, the security of data can be maintained and data breaches averted.  

Learn to Implement These Best Practices with Naomi Korn Associates 

Are you looking for training which will equip you with the skills to handle data breaches with confidence? Invest in your information security skills today with our Information Security and Data Breach Management course, next running 10 June 2025, 9:30am-1pm. For more information and to book your ticket now, visit the event page: https://www.eventbrite.co.uk/e/1038821231267

Each of our intermediate courses can be taken as an individual course or as part of our Intermediate Certificate (available in Copyright and in Data Protection).  Book any of our courses via our Online Training page or contact our Training Manager at info@naomikorn.com

  1. Sensitive army papers found in Newcastle street – BBC News, Cardiff: Vulnerable children’s details at risk in data breach – BBC News ↩︎
  2.  Hundreds of pupils’ sensitive data shared ‘by mistake’ – BBC News ↩︎
  3. Information Commissioner calls on public authorities to stop using spreadsheets in FOI responses | ICO ↩︎

Recent News

London Library Back Stacks © Simon Brown
31 March 2026

Generally Recognised Standards for use in the data protection purpose ‘archiving purposes in the public interest’

read story
Horace Bénédict de Saussure and others ascending Mont Blanc. Coloured aquatint. Wellcome Collection.
25 March 2026

Data Subject Access Requests: A Burden for Small Businesses?

read story
A Battle between Animals, Divs and Hindu Deities, Unknown Artist, Wellcome Collection, via ArtUK
18 March 2026

Get a Grip on Copyright – Understanding the Basics

read story
Salford Quays, Jason Jeandron via Unsplash
12 March 2026

Data Breach News: Salford City College Group

read story

Back to News

Discover more from Naomi Korn Associates

Subscribe now to keep reading and get access to the full archive.

Continue reading