What your metadata is revealing about you


It is alarming how seemingly innocuous professional documents can potentially provide personal information about you or your business if they’re handled incorrectly.

Unbeknown to the average computer-using individual, unchecked documents containing auto generated ’metadata’ can reveal things like where you work, live, your age, current location and even who your colleagues, clients and friends are. If this information is confidential, sensitive, or potentially embarrassing, it could be putting your business and you at risk. Furthermore, can posting personally be a greater risk to you professionally when it comes to mismanagement of metadata? We’ve taken a look at how those who blur the lines between a work/life balance and remote workers are leaving themselves vulnerable.

What is metadata?

You may think that the information you deal with every day is already well protected and professionally handled. However, much of the information that gets passed around with a file is invisible. Every time you annotate, edit or alter a document, your decisions are stored as data within the document – otherwise known as metadata. Even though a finished document may look clean before you send it out to colleagues or clients, the reality is that it still contains evidence of your processes: your alterations, editions, authorship and corrections, the sort of things you really shouldn’t publish for fear of reputational or financial damages.  Examples of metadata include:

  • Date and time stamp of  when a record is created or updated
  • Identity of the user and whoever made changes
  • The kind of computer or mobile device they were using

Whilst this data might not seem destructive, potentially putting all of it in the hands of someone who could use it against you, it can be detrimental.The purpose of metadata is to categorise data to make it easier to find and interpret and, when used properly, it can be very helpful. If handled without care, others could exploit metadata to find information that could hurt your business, you, or anyone involved.

What information can be found about you?

Your name, address, phone number, national insurance number and date of birth is all data about you.Structuring this information in a database allows anyone with access to search and find people who fit certain criteria, demographics, or even find a specific person, based on partial information. This is a tactic used frequently by telesales companies. Even if important information such as national insurance or bank account numbers have been hidden in an Excel column, it can still be found by someone who knows their way around metadata. Your document management system (DMS) also uses metadata to index your documents. Users might search for the name, date, author, who opened the document last and so on and so forth.We’ve brought together some examples of situations and how they apply to different sectors:

The legal sector

Working on high profile or sensitive cases can be difficult and even a small data leak could wreak total havoc. Not only can leaked metadata reveal sensitive information about your firm, such as who has been working on a case and where, but it can also put your clients at risk by revealing their personal information.

The media

Having unprotected sources means that protecting your data is crucial to making sure your files don’t expose them. Being able to assure the anonymity of a source is essential to many journalists and revealing those sources accidentally through mishandling of metadata could be disastrous. For example, when Vice magazine led police to John McAfee by positing a geotagged photo containing his exact location, down to latitude and longitude, or when metadata leaked by American publication The Intercept led to the recent arrest of intelligence specialist Reality Leigh Winner. The magazine revealed where the leaked document was mailed from: journalists should scrub all files of metadata and turn off geotagging in their phone’s ‘Location Settings’ to avoid exposing their source.

The accountancy and finance sector

Highly sensitive information is often held by finance departments and accountants, including social security numbers and bank account details. But did you know that sending out an email with parts of a spreadsheet embedded links back to the original file? This could expose employee wages, company profits, charge scales and balance information – a red-faced moment for all involved and a potential loss of business. If clients don’t feel that they can safely trust your company with their information, they will take their business elsewhere.

The insurance sector

Insurance details can be incredibly revealing, not only from a client’s point of view but for a company too. Leaking of personal income, national insurance numbers, addresses and details of home contents could mean that your clients are left exposed and become sitting ducks for cyber-attacks. Your company can be left vulnerable by the loss of policy numbers, costs, prices and pay outs, along with employee pay and details. Metadata in emails, poorly checked files and leaked information should be a major concern for your organisation.If you use Track Changes, deleted text and earlier versions – these are stored as metadata. Once it’s forwarded, published and released, the deleted data can be retrieved and viewed by anyone. The outcomes for you professionally could be embarrassing but it might be disastrous for your clients or your company at large. Knowing that your metadata is being kept under wraps by a dedicated metadata cleaning software gives peace of mind that can’t be under-estimated, find out more here.Dean Sappey, President and Co-Founder, DocsCorp