Protecting data

%3CLINGO-SUB%20id%3D%22lingo-sub-1941696%22%20slang%3D%22en-US%22%3EProtecting%20data%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1941696%22%20slang%3D%22en-US%22%3EWe%20use%20a%20spread%20to%20collect%20personal%20data.%20Multiple%20users%20keep%20these%20spreadsheets.%20Is%20there%20a%20way%20to%20prevent%20the%20file%20from%20being%20printed%20or%20attached%20to%20email%20to%20be%20sent%20outside%20the%20organisation%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1941696%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Etraining%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1945355%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20data%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1945355%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F886062%22%20target%3D%22_blank%22%3E%40JaniceSt%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'll%20let%20someone%20else%20handle%20the%20part%20of%20your%20question%20where%20you're%20seeking%20a%20technical%20solution--personally%2C%20I'd%20be%20skeptical%20of%20how%20effective%20any%20such%20solution%2C%20if%20it's%20available%2C%20could%20be%20in%20the%20first%20place.%20It's%20just%20too%20easy%20%22for%20the%20sake%20of%20convenience%22%20for%20people%20to%20let%20down%20their%20guard.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20retired%20now%2C%20but%20during%20my%20career%20I%20had%20a%20stint%20as%20director%20of%20the%20corporate%20HR%20and%20Payroll%20database%20for%20a%20major%20US%20corporation.%20In%20that%20capacity%20I%20had%20many%20opportunities%20to%20grow%20aware%20of%20(a)%20how%20important%20it%20is%20to%20protect%20personal%20information%2C%20and%20also%20(b)%20how%20easily%20people%20can%20unwittingly%20and%20too%20casually%20let%20said%20personal%20information%20slip%20out.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20this%20day%2C%20here%20on%20this%20website%20(techcommunity.microsoft.com)%2C%20I%20encountered%20an%20extensive%20roster%20of%20employees--names%2C%20departments%2C%20employee%20IDs%2C%20managers--%20that%20someone%20had%20posted%20seeking%20help%20with%20an%20Excel%20formula.%20It's%20a%20violation%20of%20the%20site's%20policies%2C%20but%20that's%20a%20technicality%20(who%20reads%20those%20policies%20when%20clicking%20the%20box%20that%20says%20you're%20agreeing%20with%20them%3F%3F)....I'm%20sure%20it%20was%20done%20with%20no%20malice%20aforethought%2C%20but%20it%20was%20done%2C%20and%20most%20likely%20done%20without%20even%20thinking%20of%20it.%20I'm%20sure%20that%20person%20wouldn't%20knowingly%20leave%20such%20a%20roster%20on%20a%20park%20bench%20in%20a%20public%20park%3B%20yet%20somehow%2C%20didn't%20even%20stop%20to%20think%20before%20posting%20it%20on%20a%20very%20public%20website.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESO%2C%20you%20know%2C%20I%20trust%2C%20where%20this%20is%20going%3A%20%3CSTRONG%3Eyour%20best%20defense%20against%20inadvertent%20disclosure%20of%20all%20that%20personal%20information%20that%20you're%20collecting%20is%20education.%3C%2FSTRONG%3E%20%3CSTRONG%3EReinforced%20by%20constant%20reminders%2C%3C%2FSTRONG%3E%20perhaps%20on%20the%20spreadsheet%20itself%20that%20%22this%20data%20is%20highly%20sensitive%2C%20and%20is%20not%20to%20be%20emailed%2C%20stored%20on%20(say)%20Google%20Drive%20%22for%20convenience%22%20with%20access%20to%20that%20drive%20being%20private%20at%20the%20start%20but%20later%20shared%20for%20some%20other%20purpose.....shared%20with%20anybody%20other%20than%20those%20authorized.%22%26nbsp%3B%20And%20then%20make%20it%20an%20agenda%20item%20on%20meetings%20of%20those%20who%20have%20access%20to%20it%2C%20and%20publicly%20talk%20about%20slips%2C%20not%20to%20shame%20but%20to%20educate.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1957883%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20data%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1957883%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F886062%22%20target%3D%22_blank%22%3E%40JaniceSt%3C%2FA%3E%26nbsp%3BIf%20you%20found%20a%20solutions%2C%20it%20wouldn't%20solve%20any%20of%20your%20worries%20about%20someone%20doing%20something%20malicious%20with%20the%20spreadsheet.%20They%20could%20still%20simply%20copy%20and%20paste%20the%20content%20or%20take%20a%20screenshot%20and%20send.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20advice%20would%20be%20to%20ensure%20that%20only%20people%20that%20need%20to%20access%20that%20file%20have%20access%20to%20it.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20is%20a%20document%20that%20will%20help%20you%20restrict%20access%20within%20Office%20365%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fhelp-users%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fhelp-users%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor
We use a spread to collect personal data. Multiple users keep these spreadsheets. Is there a way to prevent the file from being printed or attached to email to be sent outside the organisation?

Thanks
2 Replies

@JaniceSt 

 

I'll let someone else handle the part of your question where you're seeking a technical solution--personally, I'd be skeptical of how effective any such solution, if it's available, could be in the first place. It's just too easy "for the sake of convenience" for people to let down their guard.

 

I'm retired now, but during my career I had a stint as director of the corporate HR and Payroll database for a major US corporation. In that capacity I had many opportunities to grow aware of (a) how important it is to protect personal information, and also (b) how easily people can unwittingly and too casually let said personal information slip out.

 

Just this day, here on this website (techcommunity.microsoft.com), I encountered an extensive roster of employees--names, departments, employee IDs, managers-- that someone had posted seeking help with an Excel formula. It's a violation of the site's policies, but that's a technicality (who reads those policies when clicking the box that says you're agreeing with them??)....I'm sure it was done with no malice aforethought, but it was done, and most likely done without even thinking of it. I'm sure that person wouldn't knowingly leave such a roster on a park bench in a public park; yet somehow, didn't even stop to think before posting it on a very public website.

 

SO, you know, I trust, where this is going: your best defense against inadvertent disclosure of all that personal information that you're collecting is education. Reinforced by constant reminders, perhaps on the spreadsheet itself that "this data is highly sensitive, and is not to be emailed, stored on (say) Google Drive "for convenience" with access to that drive being private at the start but later shared for some other purpose.....shared with anybody other than those authorized."  And then make it an agenda item on meetings of those who have access to it, and publicly talk about slips, not to shame but to educate.

@JaniceSt If you found a solutions, it wouldn't solve any of your worries about someone doing something malicious with the spreadsheet. They could still simply copy and paste the content or take a screenshot and send. 

 

My advice would be to ensure that only people that need to access that file have access to it. 

 

Here is a document that will help you restrict access within Office 365: https://docs.microsoft.com/en-us/azure/information-protection/help-users