Editor: There has been a lot of news around metadata and how this is jeopardizing the privacy of information and documents.
Hadfield: Interestingly, I recently saw news reports about protests against NSA snooping in Washington, DC, and one of the placards read, “Hands off my metadata.” I would say that, thanks to the recent news, “metadata” has definitely entered the vocabulary of the person on the street. It’s probably worth spelling out exactly what the word means. Metadata is data about data. All electronic files – documents, photographs, spreadsheets – contain information about the content beyond what’s on the surface, for example, data about the size of an image or the formatting of a document. The metadata attached to a document might also include potentially sensitive financial information or hidden comments, and that’s the issue.
Editor: What implications does this recent press around metadata hold for corporate counsel?
Hadfield: I believe it’s a good thing. The recent news is raising the profile of metadata and it is bringing the issue to the fore for corporate counsel. Metadata can pose significant risks. Corporate counsel must now take metadata contained in ESI (electronically stored information) as seriously as they take the documents themselves.
We often discuss the legal implications of data leakage – in which data is lost or accidentally disclosed to other parties – in the e-discovery context. Corporate counsel are now increasingly aware of the risk associated with metadata leakage and are beginning to understand that they should be addressing metadata concerns as conscientiously as they do e-discovery. Hopefully conversations like the one we are having today will encourage that behavior.
If a court submission is not properly “cleaned,” metadata such as tracked changes or other information about its editing history will be exposed. You can imagine that kind of metadata could be very damaging – or present considerable privacy risk – if it fell into the wrong hands.
Corporate counsel must be very circumspect about what data and metadata is being shared, and so it is critical that they have the ability to analyze what’s there, and if necessary remove unwanted metadata from the file literally before it leaves the building. An effective metadata cleaning tool is an essential component of corporate counsel’s toolkit.
Editor: Yet, in an e-discovery context, you would need to leave the metadata as it stands.
Hadfield: Correct. Understanding what metadata is present in a document gives us the knowledge and the insight to be, as I said earlier, circumspect about that data. For example, I am negotiating a contract. My job as a corporate counsel requires that I not share the previous version of that contract with the other party, so clearly I do not want that version to leave the office. Now, the “good” metadata – which perhaps indicates that I created the document on August 9 and matches some proof that I sent it out via email to the counterparty on August 10 – might be vital within an e-discovery scenario. But from a commercial standpoint, certainly I do not want the other party to know about a clause I have removed. Indeed, in some industries, allowing “bad” metadata to leave the organization would violate certain regulations. To be made aware of metadata and then to be able to selectively remove pieces of it before a document leaves the company is absolutely essential.
Editor: How can corporate counsel ensure their documents and the accompanying metadata are kept completely secure?
Hadfield: Workshare has a well-known desktop product called Protect through which millions of legal documents pass every day between law firms and corporate counsel at most of the Fortune 1000 companies worldwide. The Protect software wraps itself around the email client, which is usually Outlook. At the point of attachment, Protect conducts an analysis of the attachment – including its metadata – and gives the sender the option to selectively remove metadata from that attachment.
In the last few months we have made significant improvements to our Protect offering, which is now called Interactive Protect. In parallel with the increasing awareness of metadata, this solution provides the sender with much greater insight into the metadata within a document. As soon as you attach a document to your email, Interactive Protect analyzes that document, alerts you to the presence of metadata to a granular degree and offers you very educated options about how to deal with that metadata.
We’ve also vastly improved the functionality of Protect in the server-based product – it complements Interactive Protect, but this time it integrates with the mail server itself. This means that all emails can be cleaned of metadata, whether they are sent from a desktop computer, from a laptop, and even from a mobile device. This is critical at a time when legal professionals are increasingly using mobile devices. In this way, Workshare has covered all the bases for today’s mobile worker.
Editor: Does the fact that corporate counsel and attorneys work with mobile devices have an adverse effect on the security and privacy of documents?
Hadfield: The mobile way of working has introduced a new phenomenon called BYOD, or bring your own device. There is great potential for risk with BYOD because by definition the user’s device has not been supplied by his or her IT department. The technology that goes on the device has not been sanctioned by IT, and so the company’s data security policy cannot be implemented. At the same time, to be successful in today’s fiercely competitive world, there is pressure on corporate counsel to get out there and travel, to get closer to their customers. So there are many very compelling business reasons to work on the go, but our mobile device behavior when traveling unfortunately takes us outside the realm of the controlled world of the IT-sanctioned devices. Workshare is particularly interested in how this new behavior exposes risks and what practical steps we can take to diminish those risks.
Each year, Workshare conducts a survey of professionals’ behavior across a wide range of industries, with an emphasis on the legal market. This year, the survey focused on this new mobilized workforce behavior, and we recently published the results. One of the most startling statistics that came out of the report was just how many legal professionals use a mobile device to access work documents – a massive 96 percent of respondents. What amazed me is how that number compared to other industries such as finance (91) and healthcare (90). The legal profession is leading the charge in this hypercompetitive way of working. The worrisome survey finding, however, was that out of that huge percentage of legal professionals who are accessing documents on the move, only 30 percent of them are deploying methods that have been sanctioned by IT. That is what we are most concerned about.
Furthermore, it’s likely that many legal professionals are unaware of the problem because the metadata they are sharing is not visible to them. If you are a banker, your product formula – your intellectual property – is right there on the spreadsheet, and so you will probably think twice about sharing it. But if you are a contract negotiator, unfortunately, much of the history of the contract is not right there. You have a completed document that looks pretty safe, but of course embedded in that document is all kinds of hidden metadata.
Public wifi poses yet another threat. In addition to unsecured devices and file-sharing apps, networks themselves are typically unsecure. Many of us use free wifi at airports and coffee shops, and those networks lack the controls and security components that the office wifi has.
Editor: How can this complicated problem be tackled?
Hadfield: One of the things Workshare has been doing for many years – and remember that we’ve been in the business of protecting documents as they are shared for more than a decade – is to get ahead of the way that corporate counsel and other professionals need to work and be ready to support them. We understand that people are working in this new way for absolutely valid business reasons, and so we are not looking to restrict them. Instead, we are building an infrastructure that enables this way of working and does so in a way that substantially addresses security and compliance requirements. While this is certainly a difficult task, it is also the kind of challenge Workshare has been meeting successfully for years. Particularly with the new technology we have been rolling out recently, we are definitely in tune with both the needs of today’s mobile user and the concerns of the organization.
Editor: How do you think the influx of mobile devices in the workplace will affect the way corporate counsel work in the next five years?
Hadfield: I think the obvious benefits in being mobile and more flexible include not only increased efficiency but also the ability to bring documents to completion faster. Imagine you are in the contract negotiation stage. If you can show up at a meeting with a document you can share and work from together, you’ll reach the final version of that contract with far fewer revision cycles and less scope for error. With greater efficiencies and reduced costs, overall the mobile workplace offers tremendous cost-value benefits. So I imagine this natural trend will continue, and being mobile will become the norm. We hear many analysts speak about a “post-PC era” and how sales of mobile devices are already outstripping sales of traditional desktop computers. I also anticipate that this will have an impact on workflows, which will themselves become more flexible and externally focused.
At the same time, for the most part, the folks who look after the data security policy and compliance inside of organizations are not yet fully supporting this new way of working in a very secure way. That said, in the last year we have seen a real shift in IT’s attitude towards enabling this new way of doing business rather than restricting it – especially in forward-looking companies and law firms.
Editor: Do you think this will have an effect on the way corporate counsel communicate and share ideas?
Hadfield: There are new technologies and new ways of working, and these are being driven by the requirements of business. First, take social collaboration, which is something that we at Workshare have been investing in. Social collaboration provides a forum where people can share ideas and gather opinions. On Facebook, users post status updates that invite conversation — a photo or link gets a lot of likes, and our attention is drawn to it. Social networking has changed the way we communicate, and consequently it is affecting the way we work. So it’s not surprising that we are beginning to see similar functionalities being rolled into document collaboration.
Second, professionals today expect to have flexible processes and flexible working environments. Work is becoming something that you do, as opposed to somewhere you show up. Workshare is building the tools to enable this new way of working, and we’re doing so in a highly responsible way. Remember that data security and safety are absolutely at the heart of what we do. Our solutions empower professionals to engage in this new collaborative, mobile work environment – in fact, we often speak in terms of “reinventing” work – without the risks associated with BYOD, data/metadata leakage and so on. Getting that balance right – which we think we have done and which we will continue to do – will have a tremendously positive impact on the way people work.
Published November 19, 2013.