This article can also be viewed at our updated site thenutmeglawyer.com
Your office always engages in the best practices when it comes to your clients' confidentiality, this goes without saying. You've got the latest anti-virus software installed, a comprehensive firewall and fully secured connections for the web? Of course you have. Standard. Yet here you are suddenly finding yourself and your firm under the microscope on matters of confidentiality and possibly facing misconduct charges simply because one of your administrative staffers emailed a document to a third party that contained sensitive metadata about one of your clients or cases.
Despite your employee's usual professionalism and good working habits, this costly and potentially devastating error still happened because the unfortunate staffer wasn't even aware the data was there. While metadata is a useful resource, ignorance of its existence in electronic documents can spell disaster for law firms and other legal professionals.
Metadata in a Nutshell
Put simply, metadata is simply additional information about existing data, or "data about data", and is used for discovery, archival and organizational purposes. Document metadata, for instance, may be the author's name, the creation date and a brief summary of its contents. Since it may pass through unnoticed, especially in a busy office, it's vital to install safeguards to prevent common metatdata blunders, which include accidental transmission in a legal setting.
Your First line of Defense against Metadata Disasters
Your first line of metadata protection starts with the education of your staff. In fact anyone in your office who comes into contact with metadata and may be in a position to accidentally pass it along to unauthorized parties needs to understand the risks. Proper training will alert your staff and attorneys to the presence of metadata and what they can do to avoid transferring it by accident. By making your staff aware of metadata's appearance, uses and functions, you'll help foster a more guarded environment regarding its use.
Vigilance regarding metadata and its use remains the key. By keeping an eye out for this type of data and developing business practices that eliminate the chance of inadvertent transmission, your firm or office will be in a far less risky position when it comes to potential confidentiality breeches. It’s also important not to get complacent. Refresher courses and updated training will help remind your staff of the importance of proper metadata handling.
The American Bar Association recommends you notify the sender of metadata your office is not authorized to have but opinions on the matter are divided across the country, with each state Bar Association or Ethics Committee having often completely opposing advice. Develop a notification procedure for accidental receipt of sensitive metadata and instruct your staff to follow it should that occur. When creating your procedure, be sure to include documentation of your notice to the person who sent the metadata to protect your office going forward.
Reducing Potential Mishaps further with Digital Defenses
Although no substitute for education and training, having automatic metadata removal software is increasingly becoming an essential feature of any firm or offices defenses against metadata nightmares. Features vary by program, but this type of software can automatically erase metadata from common file types, including Microsoft Office docs and PowerPoint presentations, in batches or by individual file, as well as alerting users before they send email attachments of the metadata contained within.
If you decide to go with metadata removal software, you'll need to research the available programs to find the one that best meets your law office's needs. Fully train your staff on the correct way to use the program you select and make sure it's being used correctly and on a regular basis.
Author Bio: Ali Moinuddin is Chief Marketing Officer at Workshare, who produce document comparison and review software for the legal profession. Ali has over 15 years of experience in supporting high growth companies and before joining Workshare. His previous roles include CMO at SkyDox, Director of Marketing at Interxion, Director of Marketing EMEA for SPL WorldGroup (now a part of Oracle), and Marketing Manager EMEA and Asia-Pacific at Kana. You can connect with him on Twitter.