If you use spreadsheets to track employee, customer, contractor or supplier information, you are opening yourself up to error and possibly breaching your obligations under the Privacy Act 1993, Privacy Commissioner John Edwards says.
In data breaches involving spreadsheets reported to the Privacy Commissioner, the numbers of individuals affected per breach has ranged from dozens to thousands.
The Privacy Commissioner’s tips for avoiding breaches are:
- If you have to maintain a database, think about a purpose-built database management system, one that only generates the results you need.
- Don’t email spreadsheets around. Instead:
- Export the data you need from the spreadsheet and just send what you need, or
- Convert the spreadsheet into a PDF document before sending, or
- Put only the relevant data directly into a table in the email, or
- If you absolutely need to email a spreadsheet to someone, use a password to protect it and check who you send it to.
While these precautions may seem obvious, it is clear from ACC’s well-publicised Privacy Act breaches, that a small error can turn into a large privacy problem all too easily.