SOLVED

Is it really impossible to break workbook protection?

Copper Contributor

Hi,

I process personal data and need strict protection (GDPR). My raw data from a survey is copied to several worksheets in a workbook and the processed anonymous data (dashboards) is in other worksheets in the same workbook.

Before sending the whole workbook with the visible dashboards to my customers I delete some of the raw data worksheets and hide others. After that I protect the structure of the workbook with a code. Now only the worksheets with the dashboards are visible.

 

Will it at all be possible for my customers to break the protection and get access to the sensitive raw personal data or am I completely safe?

 

Thanks in advance to your reply!

 

Best regards Per

15 Replies

@perskovmandrasmussen 

Sheet protection and Workbook protection are coded into the file's XML (Presuming you're using an xlsx workbook) and can be removed easily.  If you want something stronger I'd recommend setting a password to open and/or modify.  Also, there's Information Rights Management.

best response confirmed by perskovmandrasmussen (Copper Contributor)
Solution

@perskovmandrasmussen 

Yes, Excel protection is mainly the protection from the errors due to negligence. Simplest case, if you hide Sheet1 and protect structure, anyone could write in Sheet2 formulas like =Sheet1!A1 and pick-up information from hided sheet in protected structure. To find actual name of the Sheet1 is also not a big deal.

Hello,

Depending on the Excel knowledge of the customer you're sending the workbook to. You can hide all the sheet tabs that contains the sensitive raw information. Moreover, the person working with the workbook may in fact, do not know whether you've hidden some sheets if he or she isn't suspecting you

@Abiola1 

Afraid that's not exactly what GDPR is required.

@Patrick2788 

Thanks for your answer. It makes sense. However I have also protected the workbook with a password for opening and anonymised all names with random numbers. Finally I have deleted all content in the hidden worksheets and deleted all previous versions of the workbook before sending to customer.

 

Do you think all this gives 100% protection?

@Sergei Baklan 

Thanks for your answer. It makes sense. However I have also protected the workbook with a password for opening and anonymised all names with random numbers. Finally I have deleted all content in the hidden worksheets and deleted all previous versions of the workbook before sending to customer. Do you think all this gives 100% protection?

@Abiola1 

Thanks for your answer. It makes sense. However I have also protected the workbook with a password for opening and anonymised all names with random numbers. Finally I have deleted all content in the hidden worksheets and deleted all previous versions of the workbook before sending to customer. Do you think all this gives 100% protection?

@perskovmandrasmussen 

There are password utilities that can crack the encrypted passwords.  They typically use brute force method to "guess" the password.  If the password is random characters and special characters it makes it very, very hard to guess.

@perskovmandrasmussen 

IMHO, if you anonymised all names that's enough from GDPR point of view. Password gives another protection from unintentional access (however, it could be hacked). Deleting of previous versions gives nothing, that affects only internal environment.

 

I guess you are safe enough.

Dear Sergei,

Thanks for you answers that were very helpful for me.

Best regards

Per

 

@Sergei Baklan 

@Sergei Baklan 

Dear Sergei,

One last consideration. How should I understand your phrase "affects only internal environment". My intention of removing previous versions of the workbook is that these would also contain the real names of the participants in the survey. I want to be sure that these names are truly gone for good and cannoit berecovered in some way or another if the access password is broken.

Best regards

Per

@perskovmandrasmussen 

I mean if you send the file to someone outside, such person have no access to version history (OneDrive, Sharepoint, etc) and/or autosaved versions on your local computer.

 

If you share the file within your environment (e.g. on OneDrive) when yes, it's better to save final version as separate file and share only it.

@Sergei Baklan 

The files without the deleted old versions of the workbooks are sent to each customer using a separate Sharepoint site I have made for each customer, that has no access to the rest of my Sharepoint sites.

Does this setup mean I do not have to delete the old versions in principle?

@perskovmandrasmussen 

Nope, if they are on another site to which your customers have no access. To be sure you may click on 3 dots to the right of the file name and check version history. In addition to check site Recycle bin if nothing critical was moved to it.

@Sergei Baklan 

Dear Sergei,

Thanks for your answers to my questions. They were really helpful!

Best regards

Per

1 best response

Accepted Solutions
best response confirmed by perskovmandrasmussen (Copper Contributor)
Solution

@perskovmandrasmussen 

Yes, Excel protection is mainly the protection from the errors due to negligence. Simplest case, if you hide Sheet1 and protect structure, anyone could write in Sheet2 formulas like =Sheet1!A1 and pick-up information from hided sheet in protected structure. To find actual name of the Sheet1 is also not a big deal.

View solution in original post