Forum Discussion

LongRule's avatar
LongRule
Copper Contributor
Jun 20, 2024

Ensuring Data Privacy with Power Query: Can Shared Excel Files on OneDrive Expose Confidential Data?

Confidential File (must not be disclosed, contains huge data including disclosable parts and confidential parts)


Public File (created by importing only the disclosable parts of the above confidential file using Power Query)

 

In this case, can the contents of the confidential file be accessed if the public file is shared publicly via uneditable(view-only) link with onedrive?

 

Note: I can't delete the Query itself because I have to update it daily. Both files are stored in the same OneDrive folder, but only one file(public file) will be shared via uneditable link with onedrive.

A link to the test file will be shared for anyone who wants to attempt a breach.
The link will be removed once the testing is complete:

 

https://1drv.ms/x/s!AnCpAlQd1TUAhdYv1fisUf8vrfGhzQ?e=X1RqKv

  • JKPieterse's avatar
    JKPieterse
    Silver Contributor

    LongRule Looks like I can only see the right-hand version of the data. And it appears none of the "N" marked records are anywhere in the file's xml either. It may be wise to look at the customXML inside the zip container. It contains a blurb of information, but that is somehow encoded. But it isn't base64 (I tried).

    • LongRule's avatar
      LongRule
      Copper Contributor
      Thank you so much for your insights!

      Your confirmation that only the non-confidential, 'N' marked records are visible and not embedded elsewhere in the file's XML is reassuring. It's great to hear that the Power Query effectively restricts access to the confidential data.

      Any further guidance on how to ensure that this part of the file does not inadvertently expose sensitive information would be greatly appreciated.

      Thank you once again for your valuable assistance!

Resources