An article discussing the importance of metadata in the legal industry today and the impact it can have if shared with the wrong people.

Ask yourself these questions:

1. How many documents do you create per month?
2. How many documents does your organisation create per month?
3. Are your documents ‘clean’, or do they include repurposed content from other sources like websites or articles?
4. How many of your documents are digitally annotated or have at some point included track changes?
5. Do you ever share your documents outside of your organisation?

You may or may not be familiar with the term ‘Metadata’. Put simply, metadata is the story behind an electronic file including its author, creation date, version number and any track changes or comments that have been included along the way. Metadata is useful to help us work in the digital age but the myriad of types of data associated with each document can be difficult to secure – and this can have serious repercussions if not managed correctly.

‘Metadata risk’ is the term used to describe the risk associated with sharing document information with anyone outside of your organisation. The consequences of exposing metadata can be embarrassing at best or litigious, damaging and costly at worst - and the risks carry extra weight in the legal industry due to the confidentiality and sensitivity of documents and the speed and volume at which they’re shared.

One of the UK’s top 100 law firms sent and received over 2.2 million emails in September 2015 alone. Over 444,000 of those emails were sent externally, which equates to an average of over 20,000 emails being sent out per day. A large percentage of those emails contained document attachments and potentially sensitive metadata.

Every single email that’s sent externally that includes an attachment could be the cause a metadata leak unless the proper security measures are put in place. Many firms like this one have completed metadata risk analyses and are aware of the business value of investment in this area.

Here are some examples of when metadata breaches have hit the headlines:

- In 2000, pharmaceutical manufacturer, Merck, submitted an article to The New England Journal of Medicine about their latest arthritis treatment called Vioxx. The article’s metadata uncovered that the drug was linked to an increased risk of heart-attacks, but that the section containing these details had been removed before its release. Following the incident, Merck was hit with around 7,000 lawsuits and Vioxx was withdrawn from the market.

- In 2003 British Prime Minister Tony Blair’s office produced a document stating that UN weapons inspectors were not working in Iraq and that military action was indeed justified. When a US security expert downloaded the document and looked at the metadata, he found that the press office were largely involved in creating the document and that parts of its content were copied from a US student’s work.

- A UN report of the assassination of former Lebanese Prime Minister Rafik Hariri was released in 2005. The document’s metadata revealed the names of the individuals suspected of the killing, despite their details being replaced with ‘senior Lebanese and Syrian officials’.

- In 2014, the Australian Federal Police shared documents online which disclosed the name, address and telephone interception details of a surveillance subject. The case was publicised as ‘a serious breach of operational security’ and ‘an embarrassment for the law enforcement agency and the federal government’.

If you could protect yourself from metadata risk, would you?

There are ways to safeguard yourself against the accidental disclosure of metadata. The most trusted solutions are metadata management and removal software tools, which automate the removal of metadata from a document as it leaves your organisation by email. This type of automated solution is favoured by legal firms as it largely eliminates the chance of a metadata leak, gives company-wide control and doesn’t impact the users’ natural workflow.

When looking to acquire a metadata removal solution, you should seek a technology partner with a solid reputation and a proven record of expertise in your industry. You should also look for a solution that gives you the option to set various levels of management depending on individual or departmental requirements. Finally, it’s important to choose a solution that’s cost-effective, user-friendly and doesn’t affect the users’ efficiency.

Ultimately, it’s important to remember that metadata doesn’t need to be a headache. With the right tools in place to prevent unintentional disclosure, it can be used as a key business tool to help you to identify, organise and archive your files and protect your reputation and money.