VA Extraordinaire Hidden information in your documents - Grace S Long - VA Extraordinaire

Grace S Long - VA Extraordinaire

Hints, Tips, News and Views from the ultimate technology specialist

Hidden information in your documents

Are you aware that when you send documents via email to clients, vendors, and colleagues you may be inadvertently sending out confidential information? Yes, that is indeed a horrifying thought.

Each time that we imagecreate an electronic document, metadata is automatically appended to it. An example of this in Word documents would be the title, author, date modified, tracked changes and collaborators’ contributions to the creation of a document. Someone with external file analysis expertise similar to forensics DNA analysis can retrieve information from a document. The likelihood of accidentally sending confidential information in files that have been sent back and forth in a collaborative project increases considerably. The risk is also particularly high for computer users at work or at home who are not computer professionals.

Some types of metadata are:

  • Collaborators’ comments
  • Author’s name, username and/or initials
  • Author’s email address
  • Author’s Company Name
  • Author’s computer name
  • File properties, where it is saved and other information
  • Tracked changes – inserted, deleted or changed which you thought were gone
  • Document revisions
  • Document versions and formats
  • Hidden text
  • Macros
  • Hyperlinks
  • Invisible aspects of linked embedded objects (OLE)

Furthermore, in versions of Office prior to 2007  it was possible that text and metadata that had been deleted from the document was not necessarily deleted from the file. There was no easy way to check for the presence of this deleted data nor to clean it up.

The risk in the security of information when documents are shared and emailed to other people increases unless the author/sender is mindful of this information. Managing information risk has been a growing global concern in both the public and private sectors. It does not only involve technology but also requires a better understanding of all possible security loopholes/leakages, a well informed overview of information flows and flaws, and well designed business policies. 

How can we ensure that we are not putting our clients or ourselves at financial risk or competitive disadvantage?

  1. The problem of deleted data lingering in the file has been addressed in the Microsoft Office 2007 System with the use of new cleaner file formats based on XML. When content is deleted from the document, it is permanently deleted from the file also.
  2. Office 2007 provides utilities to check for and optionally remove personal information and metadata.
  3. Use the SAVE AS PDF or XPS add in feature of Office 2007 which converts your file from a Microsoft Office program into a portable document format (PDF) or XML Paper Specification (XPS) format both of which preserve document formatting, enable file sharing and data in the file cannot be easily changed.
  4. Make sure that we use the DOCUMENT INSPECTOR feature of Word 2007 and remove hidden data and personal information before we distribute sensitive documents for public consumption.
  5. There are also utility programs called document scrubbers which “make documents safer” although in Office 2007 they seem completely unnecessary because of the built-in tools.
Share this post: | | |
Posted: Mon, Apr 6 2009 3:40 by Grace Long | with no comments
Filed under: , , , , , , , , ,