The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, February 05, 2006
The Globe and Mail's technology section has an article on hidden metadata, where it comes from and what Microsoft is trying to do to address the issue. (See: globeandmail.com : Stamping out metadata.)
Here are my own thoughts on the issue:
Metadata is one of the greatest privacy and confidentiality risks for users of Microsoft's Office suite of programs. It has caused innumerable slip-ups, mostly caused by users who are generally oblivious to its presence or how to remove it. It is also compounded by the fact that some of the most obvious meta data (track changes and comments) can be completely inapparent. For example, if someone sends you a document full of markups but their copy of Word is set to only show the "final" version, they won't see it before they send the document on. The setting to not show changes follows the document, so the next person to open it will not see the markups unless they manually change the option. The same goes for "comments", which can be handy but are often not apparent to the viewer of the document.
Like many things, there are features in Word that will help you avoid metadata blunders (Options Security Privacy), but they have to be manually turned on and the average user is completely oblivious. To make things worse, one of the options is misleading. If you click yes to "Warn before printing, saving or sending a file that contains tracked changes or comments" it will not really warn you when you send a file the way that 99.9% of people do. If you attach it to an outlook message, no warning. None. One might think that those two parts of the Office program would talk to one another. Or that the "feature" might be accurately labelled. No such luck.
Even with all the publicity given to metadata issues of late, I have still seen first-hand some metadata blunders that could have had a huge impact on confidentiality. I've seen a closing checklist for a huge transaction that was based on a precedent document. Whoever typed the changes had (likely accidentally) used "track changes" with the markups hidden, so they didn't see that the markups fully identified another client of the firm who authored it. I've also seen documents sent with lawyers' comments embedded that were sent to the other side. I've also seen service agreements with pricing information embedded from a previous customer. This is a serious issue.
So what's the solution? It is not to remove features like comments, track changes and the like. These are all useful features. Those who understand what the metadata problem is and how these applications work are likely pretty about the meatadata issue. The problem is that this is a potential security hole that exists out of the box and uneducated users don't know it is there and what it can do. Program designers need to make sure that the programs they publish are set to be secure and that users are educated about the possibility of compromising confidential information if the features are enabled. And while I'm at it, I'll suggest that the two most-used programs in Microsoft's Office suite, Word and Outlook, need to work together to deal with the issue. Programming a feature to warn users that they are about to e-mail a document with metadata probably wouldn't be impossible. Or have it only throw up a flag if the document is mailed to someone beyond the local exchange server. And have it alert if a document is being copied off a networked drive onto a CD, thumb-drive or other portable media. Finally, if the security setting says it'll warn you when you e-mail a metadata-ridden document, it should at least do so.
Update: Jim Calloway has a great post about metadata and lawyers: The Mysteries (and Magic) of Metadata.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.