What is Metadata and should we be concerned?
Metadata has been defined as "data about data". Information that is embedded in a document that can tell a user information about how the document was created. Including information your company may not want someone else to see.
In Wikipedia’s definition they give some of the metadata risks, which I think is an important aspect as it pertains to the assistant.
Microsoft Office files include metadata beyond their printable content, such as the original author's name, the creation date of the document, and the amount of time spent editing it. Unintentional disclosure can be awkward or even raise malpractice concerns. Some of Microsoft Office document's metadata can be seen by clicking File then Properties from the program's menu. Other metadata is not visible except through external analysis of a file, such as is done in forensics. The author of the Microsoft Word-based Melissa computer virus in 1999 was caught due to Word metadata that uniquely identified the computer used to create the original infected document.”1
The Office of the Privacy Commissioner (Government of Canada) have developed a fact sheet on metadata and the risks and how to minimize those risks in this link.2 I would suggest every assistant read it.
Some of the risks are:
Hidden text that is not visible to us, is actually visible in metadata. What you thought you were writing in private ‘for your eyes only’ is visible to anyone who checks the metadata. This could be potentially embarrassing or worse to your company.
When track changes are used someone who checks the metadata will know all the revisions made and deleted. Is this something you want someone to see outside your organization?
Any comments that were put in a document, even though you deleted them are still embedded in the metadata. For instance your boss could have put in a comment “Find out how this is done?” as a note to himself to do some research on a subject. This could be embarrassing to your organization if not seen in the proper context, especially if it is written in a document being sent to a potential client and you are looking to get their business.
If you use a previously saved document as a template for a new document be aware that all the old information is still embedded in the metadata. Including company names, personal information, medical information, patient names, financial details, etc.
There could be financial risks to your organization by overlooking metadata
- Fines and financial penalties could be levied against your company
- Your company could lose a potential client.
- It could be embarrassing or worse to your company
When your IT Department sends an email alerting you to the dangers of metadata and what you need to do as an assistant to minimize the risk to your organization: Do not press Delete! Read it and act on it! As is quoted in the article “Hit send...and regret it”, it could impact your job.
"If we find out if somebody was negligent in the work then yes, of course we have to look at some disciplinary action...".3
I hope this article has given you something to think about. I definitely will be asking my IT Department for more information on what I can do to protect myself and my organization.
1 Wikipedia the free enclycopedia, http://en.wikipedia.org/wiki/Metadata, (accessed November 24, 2007)
2 Office of the Privacy Commissioner, Fact Sheet, The Risks of Metadata, http://www.privcom.gc.ca/fs-fi/02_05_d_30_e.asp, (accessed November 24, 2007)
3 ZD Net Australia, Ferguson, Iain, Hit send...and regret it, http://www.zdnet.com.au/news/communications/soa/Hit-send-and-regret-it/0,130061791,139220866,00.htm, (accessed November 24, 2007)