Manage the dangers of meta data hiding in the documents you send

Word files and e-mails can reveal more than users intend

In 2003, the government was lambasted by the press because hidden data in a high-profile document on Iraq (the "Dodgy Dossier") was inadvertently disclosed, revealing the embarrassing information that the "original author" of much of the document was a university student.

One year on, it is useful to consider what has been learnt from this mistake. Many argue that it is an area that has not been given the recognition it needs in light of the threat it can pose to any company from any business sector.

When we think of IT security, hackers, bugs and network defences spring to mind. However, the meta data - data about how a document's content has been collected and updated - that resides inside documents is often passed on to external parties, creating added risks for corporate and document integrity.

This month sees the launch of the website Metadatarisk.org, a public-benefit site offering information for IT professionals and business users wanting to avoid exposing confidential information. Metadatarisk.org provides information to help people understand the consequences of sharing certain types of information, the liability issues, and the risks to organisations in mismanagement of this process.

In an age of IT dependency, it has become increasingly important to implement measures to protect the interests of the company and the individual user. Small mistakes can have big consequences, creating legal vulnera- bilities and destroying reputations. Therefore it is crucial to inform organisations about how to maintain document integrity.

In an increasingly accountable and compliant corporate world, it is important to emphasise that meta data can have a positive function when creating large documents. It can provide information on who has contributed to the document, any changes that have been made, and information about the company - all of which is of great use when considering compliance areas such as access control, audit trails and archiving.

But unintentional disclosure of this information can have disastrous effects. Information that assisted in the creation of a document, but not for general consumption, could be exposed for all to see with a click of a button.

The pervasive nature of Word documents and the ubiquitous use of e-mail as a vehicle for collaboration has raised the meta data stakes in the past few years. If the stakes are higher, so are the risks, increasing the need for education and information sharing.

Much of the battle lies with awareness. Despite meta data tools being readily available, few are able to distinguish between "good" and "bad" meta data; hence the challenge is assessing the business process that sits behind meta data "breeding grounds".

How do users in your organisation share information? Where does responsibility lie for amending and sending business-critical information outside the firewall? How has your IT strategy tackled automated processes that affect document integrity? Meta data risk is a symptom of all these questions remaining unanswered.

The solution will only come over time with assessment and planning. However, to reduce the immediate risk, organisations need to take the minimal action of removing harmful meta data, while still preserving the value, before any document leaves the organisation.

Joe Fantuzzi is chief executive of software supplier Workshare

Read more on E-commerce technology

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close