Document Metadata: What to Know & Why

Privacy in the legal industry is paramount. In this article we answer the main questions surrounding email and document metadata – including what metadata is, why metadata risks are an issue for law firms, confidentiality breaches and how technology can be best utilised to ensure digital documents are shared safely.

Document Metadata: What to Know and Why

Many law firms have measures in place to protect their staff privacy and ensure confidential information is kept secure and not disclosed at any stage to the wrong party. However, the risk of confidential information breaches can still persist unintentionally when sharing documents or sending emails through metadata leaks, for which the implications can be hugely detrimental.

Law firms can prevent metadata breaches through utilizing metadata removal tools, which can help automatically remove metadata content before documents are shared, minimizing the risk of data leakage. However, not all metadata sanitation tools are equal, with some providing a less extensive service than others. Before looking into the benefits of Metadata scrubbers, and which to choose we must first establish what metadata is, and why it is so imperative for law firms to consider.

What is Metadata?                                                    

Metadata is defined as supporting data found within files that aids and provides extra context to the visible content on the document. Although metadata isn’t normally visible at face value on the document, it can still be accessed and viewed by a recipient.

Potential leaks of data in files can include: when the files were created, opened, edited as well as the authors name, timings of when the file was last modified, and any reversions or edits made on the document. Hidden metadata is always created whenever files are interacted with, this includes when files are created, opened, edited, and printed.

At times data breaches of this nature can be innocuous but in a highly confidential field like the legal industry, all breaches of data can be hugely impactful and affect the outcome of a case or court proceedings. Firms cannot risk sensitive information falling into the wrong hands and must safeguard against all forms of data loss. 

Can Metadata be used as evidence? 

Contrary to a common myth, metadata can be used as evidence in court proceedings. To some it may be arbitrary information, however in a legal case all data is hugely relevant and provides further context into dates of when files were created and accessed, while viewing amendments or reviews can help determine a writer's intention when creating the document. Information as sensitive as this can be influential to the outcome of a legal case.

An argument can be made over the ethical considerations of using metadata as evidence when it’s being provided unintentionally, however firms should have the correct tools in place to avoid this occurring by reviewing and removing all metadata that could be harmful. Without technology in place to create awareness around easy to use tools to remove metadata, firms are risking confidentiality data being disclosed every time when sharing files and emails they are providing externally and to opposing councils. 

Image showing sensitive metadata information held within files

Do PDF’s reduce Metadata risk? 

When managing metadata, it’s often assumed that through converting files into different formats such as PDF, files will be protected against data breaches. However, as many have found out metadata is still present in PDF files and confidential data can still be accessed. Security leaks like these are incredibly harmful for firms attempting to protect their clients' privacy.

While law firms may adopt metadata scrubbers to prevent information disclosure, research shows that the vast majority of these metadata sanitizing tools are only cleansing on a surface level and do not provide the detail required to thoroughly safeguard a file from potential breaches.

A recent research paper looking into the exploitation of hidden data found in PDF files by evaluating almost 4000 PDF files from 75 security agencies from 45 countries. Their findings showed that of the 75 security agencies studied, only 7 were using metadata scrubbing tools for only a few of their files. Over half (65%) of the ‘sanitized files’ were still leaking sensitive information, despite being cleansed with a metadata cleansing tool, highlighting how PDF files can still lead to data leaks, and why weak metadata scrubbing tools are inefficient and, in some instances, completely redundant. 

Why you need a detailed Metadata Management Software 

Law firms must be prudent and not take the risk of using weak metadata scrubbing tools that have proven to be inefficient at protecting their data. As we highlight in this article, seeking a technology partner with a solid reputation in the legal technology industry, with a proven track record of expertise, is a major priority to ensure full protection is applied for files.

BigHand Metadata Management is a detailed and thorough user-friendly software solution that helps prevent unintentional metadata disclosure while also providing the option to set degrees of management depending on the requirements of an individual or department. 

When using BigHand Metadata Management, law firms will benefit from a file cleansing tool that protects staff from unintentional breaches of confidential data through a variety of features. The solution easily scrubs files to allow for the removal of metadata information in a user-friendly process, even for those who aren’t the most tech savvy.

Administrators have the option to force metadata removal or skip the process entirely and retain full control of what data they choose to remove. To streamline the process admins have the preference to automate the metadata removal to help with efficiency. Firms are busy and handling multiple files at once, and when using the BigHand Metadata scrubber, can use batch cleaning to remove metadata files from multiple documents simultaneously, this is effective for users who don’t have the time to manually cleanse each file individually before sharing.

Image showing data transfers that occur without a metadata cleansing tool when sending emails and sharing files

Are emails protected from metadata breaches? 

While you may believe your emails are protected, Emailing is a common way in which metadata files can be leaked and data can be unintentionally shared. BigHand Metadata cleansing software protects staff by providing the option to sanitize emails to remove hidden metadata files. Users are automatically prompted when cleanable files are detected to prevent disclosure of information through emails, ensuring staff can securely share emails without data breaches. 

Can all file types be cleansed of metadata? 

With BigHand Metadata Management, a variety of file types can be cleaned, in addition to word documents and PDF files. The solution cleanses PDF, word, Excel and PowerPoint documents as well media files. This ‘cover all bases’ approach means that regardless of the type files you are sharing, users have the comfort of knowing their data will be protected.

While most metadata scrubbers only provide a surface level cleansing and do not remove all metadata from files, BigHand Metadata cleanser allows users to configure the varying levels of metadata cleansing that suits their need. Admins have the choice between using a full cleanse of all metadata, or can choose to retain certain files, providing full control to users of what data to remove, giving law firms the necessary autonomy they need to safely share only intentional data, while still preserving the original file and visible text.  

As seen in the BigHand’s Legal Document Creation in the New Post-Pandemic Age whitepaper document creation will always be a fundamental consideration in a law firm’s service delivery, however the demands of the legal industry are changing, and document creation is following suit. A user-friendly scrubbing tool is key for law firms to secure against metadata breaches. In an industry that’s so document-heavy, having technology in place to supplement and protect privacy in data transfers is imperative and should be at the top of all law firm’s priority lists. 


About BigHand Metadata Management

BigHand Metadata Management is a legal document cleaning tool that allows law firms to cleanse Word, Excel and PowerPoint documents, at any stage of the process. Users can automate metadata removal, configure varying levels of metadata management, and protect staff from unwitting confidentiality breaches and the business impacts they can cause.

BigHand Metadata Management