
Excel pivot table data leak leads to £120k fine for London council - walshemj
https://www.tripwire.com/state-of-security/featured/excel-pivot-table-data-leak-leads-120000-fine-london-council/
======
pdpi
It still bothers me that we as an industry completely botched the
"productivity application" formats as thoroughly as we did.

For just about every other domain, we have a clear distinction between formats
meant for editing vs publishing — You publish mp3 or aac, not Logic Pro files.
You publish jpegs or pngs, rather than Photoshop files, etc.

Yet, for some reason, MS Office formats meant for editing became ubiquitous
for distribution too. This incident is just the latest bit of nonsense that
comes from this mistake.

~~~
LyndsySimon
Is that a problem with the tech industry, or with businesses in general?

I would think that the only acceptable format for releasing information like
this would be static - in this case, a PDF.

~~~
United857
Even with PDF, there is a risk -- there have been some cases e.g. with the US
government where sensitive info was thought to be redacted.

However, the people doing the "redaction" just added a black rectangle layer
on top of the text, which was easily revertible.

E.g. [https://washingtontechnology.com/articles/2009/12/09/tsa-
bre...](https://washingtontechnology.com/articles/2009/12/09/tsa-breach-pdf-
redaction-refresher.aspx)

------
xxpor
First, it seems silly to fine a government since that's really just tax payer
money. Secondly, are owners of properties not public record already in the UK?
They are in the US (even if that company is just a shell that's hard to figure
out the real owner of)

~~~
bazzargh
As well as other things people have mentioned, it's more complicated than
that. The Land Registry doesn't cover the whole UK - just England and Wales -
and only about 85% of property. It registers mostly transfers by sale, or
long-term leases, but not eg inheritance. So family farms, large estates, etc
are not in there. In Scotland the information is held by the Registers of
Scotland, and in Northern Ireland it's Land and Property Services - neither of
whom provide free access.

~~~
LyndsySimon
Interesting.

I metal detect as a hobby, and often need to determine ownership for places I
want to ask permission to search.

In the US, everywhere I've ever checked has ownership information publicly
available. Most counties and municipalities have a GIS site of some kind that
lets you look up ownership on an interactive map; the most difficult case
would be that you'd have to call the assessor's office and ask someone to look
up the owner of a given parcel. I may be mistaken, but I believe even in that
case they're required to make those data available in electronic form upon
request.

As for privacy, the most common thing I've seen is that people will create an
LLC or a trust that owns the property. In those cases the entity's name is
tied to the record and the contact information is that of its registered
agent. That's almost always a local attorney. Every time I've called them and
asked I've been given the name and contact information of the person behind
the entity, but at least in theory the attorney could serve as a proxy. Legal
entities can make things complicated, but I don't know of any way to actually
completely hide ownership if someone wanted to go through the trouble of
tracing the chain of holding entities.

------
jschwartzi
A simple procedure to prevent the leakage of the data is to copy values only
when you copy/paste anything in Excel. It's a special option you have to
select, but when done properly it erases all of the hidden information that's
used to calculate a value and replaces it with the displayed value in the
cell.

[https://support.office.com/en-us/article/paste-values-not-
fo...](https://support.office.com/en-us/article/paste-values-not-
formulas-12687b4d-c79f-4137-b0cc-947c229c55b9)

~~~
wereHamster
> It's a special option you have to select, but when done properly […]

So not really reliable, I wouldn't trust ordinary office users to use it
correctly. Exporting to CSV is safer, because you can open the file in a
plain-text editor and see what you're actually going to share. CSV won't hide
anything from you, unlike the proprietary Excel file format (I know it's XML-
in-ZIP but who can be bothered inspecting the contents).

~~~
ksk
Why is it not reliable? The much famed "ordinary" user is often portrayed a
bumbling incompetent user. For any heavy excel user, or rather any excel user
thats ever used formulas, this is a common UI operation. Your CSV suggestion
is good, but it can't carry the formatting and other extra info which is the
reason people use excel to begin with!

