Risks of Metadata Factsheet from Privacy Commisioner
The hidden information embedded in computer files - and that accompanies those files when they are transmitted as e-mail attachments, on a floppy disk, or a CD-ROM - can include the tracking of changes made, comments, one's name, initials, and email address, file properties and summary information (such as file size, file location, and the date/time the file was created, modified, and accessed), names of previous document authors, document revisions and versions, and hidden text.
As the factsheet explains:
"The ability to view other people’s comments and suggested changes to a document, using the Track Changes feature [in office productivity applications such as Microsoft Word, Excel and PowerPoint, or Corel WordPerfect]is central to collaborating with co-workers on a project. However, changes that are not accepted still remain with the document, even though they are not readily visible (they can be displayed by turning on the 'Show markup view') and could be inadvertently exposed to unauthorized individuals whenever the document is shared..."
This can have a negative financial, regulatory and/or competitive impact.
The text suggests a number of ways to reduce the risk.
Earlier Library Boy posts on the topic:
- Metadata in Word Documents Can be a Legal Minefield (May 12, 2005)
- Security Risks of Discarding Old Computers (June 8, 2005)
- Avoiding Problems with Hidden Document Metadata (February 6, 2006)
Labels: IT security