Metadata - Protecting information in digital documents properly

Metadata & GDPR - Safeguarding Information in Digital Documents

The relentless march of digitization knows no bounds and has infiltrated every aspect of office life. Working on a computer has become second nature over time. From rental agreements to shopping lists, all sorts of information and data can now be stored in digital documents. Digital documents encompass formats like Word, Excel, and PowerPoint files, as well as familiar PDF documents used for articles or forms.

The Magic of Digital Documents

While offline documents are created and stored with only the information contained within, many files created on computers contain something called metadata.

Metadata consists of additional information embedded within a file. These data emerge when a digital file (e.g., doc, docx, xls, xlsx, pdf, jpg, etc.) is created and saved. In such files, alongside the document's contents, additional information, known as metadata, is stored. These details may include information about the person who created the file.

What Information Does Metadata Contain?

Metadata encompasses various details about the author or authors of a document. Typical metadata includes author names and information about the software currently in use. In some documents, storage paths or IP addresses can also be recorded. Additionally, access rights and timestamps for document changes can be saved.

How Can You Protect Your Metadata?

Just like offline documents, when creating digital documents, general data protection regulations apply to ensure the secure handling of collected and stored data. To protect your data, you can remove metadata from created files. Since this information is often unknown to many users, metadata is frequently not intentionally deleted or forgotten. In most software programs, you can view and delete metadata under the "Details" section of a document.

What Dangers Do Metadata Pose?

Metadata poses a range of risks, both in personal and business contexts. This is largely because many people are unaware of the mere existence of this data. Furthermore, the dangers posed by metadata are often underestimated when they fall into the wrong hands.

Since metadata contains a plethora of personally identifiable information, it can be used to create detailed digital profiles of individuals. Due to the high density of data in metadata, individuals can even be traced back to their social media profiles. Beyond simply spying on individuals, the interest of third parties can extend to stalking. They can use the collected data to access the social media channels of the respective individuals. In addition to accessing these profiles, third parties can create fake profiles and use them for various, often criminal purposes. The affected individuals are usually unaware of these activities.

In addition to the criminal use of metadata, it can also be of great benefit to companies. If a company receives a document containing metadata, it can use the additional information to improve its targeting, for example. However, companies can also be spied on in the same way. Inadvertently transmitting internal company metadata makes companies vulnerable to targeted attacks.