Categories: corporate finance
What would your project sponsor think if you leaked sensitive company information or financial data to a third party?
Maybe you think that you'll never have to answer that question because you subscribe to the PMI Code of Ethics and Professional Conduct, or because your personal ethical boundaries mean that you would never give away company secrets under any circumstances.
OK. But what if I told you that employees at Google, Barclays and the Pentagon all leaked sensitive information without knowing about it?
According to a new guide from document collaboration software firm Workshare, metadata in documents can give away company secrets.
What's metadata? It's all that stuff Microsoft puts into your document: comments, the version history, and corrections made through the 'track changes' feature. Metadata is automatically added to Microsoft Office documents whenever a document is created, edited or saved. If you use collaboration features such as opting to record your changes in PowerPoint so that you can send them back to the document's original author, then all that is stored as metadata too.
Document properties often store the name and organisation of the author. If you repurpose a PID, for example, to use for another client, be careful about what detail is stored in the properties that could give away who else you work with.
The Workshare report details several widely publicised, high profile cases in which metadata has landed organisations in hot water. For example:
- Google let slip financial forecasting information which was hidden in a PowerPoint document which was circulated to the Wall Street community.
- Barclays accidentally shared contract information in hidden columns in an Excel spreadsheet when it submitted a bid to buy assets from Lehman Brothers.
- The Pentagon leaked information about the death of a U.S. agent in a PDF document with hidden information.
Even if you aren't dealing with multimillion dollar deals or sensitive financial models you should still be careful about what you could be unwittingly sharing. Circulating financial information about your project could be commercially damaging even if it is a small project. Worse, the company could end up in legal hot water with fines to pay if sensitive data is leaked. No project manager wants to be the one who got the company sued.
So should you stop using track changes? Of course not. Metadata is useful for identifying, indexing and managing documents. Track changes makes editing project documents that have several rounds of revisions possible. Just be careful about what you send outside the organisation.
The report does recommend that you make an effort to strip out comments and revisions before you send documents to people outside the company.
Here are some tips for your documents:
- Remove the names of reviewers and the comments they have entered into the document or revisions they have made.
- Check document headers or footers in every section to ensure logos are removed.
- Remove hidden text.
- Delete hidden columns and worksheets in Excel; don't just hide them.
- Delete macros in the document.
- Turn off 'fast save' in Word as this only stores revisions which allows readers with some text editors to see how the document has evolved including anything that was deleted.
In short, be smart about what you circulate to avoid exposing your company's financial data or other secrets when you share documents.
You can read the whole report here: www.workshare.com/collateral/misc/Dangers_of_Document_Metadata.pdf