“Your conduct undermines the public’s confidence in the legal profession.”
Ouch.
No lawyer wants to hear that
from their state bar association, but it’s what the ARDC—the agency that regulates lawyers in the state of Illinois—told an attorney who didn’t redact personal details of defendants in documents he filed in court.
His name went into the public record in association with misconduct—not a serious violation, but enough to scare off potential clients and justify more serious disciplinary action in the event of future misbehavior.
If that seems extreme for a minor PDF mistake, it’s because the issue wasn’t document formatting. What upset the ARDC was the lawyer’s disregard for protecting people’s privacy.
Just like him, professionals of all areas sometimes fail to adequately prepare their PDFs for sharing. Knowing how to do that, however, is becoming increasingly important.
PDF is the most widely used format for sharing and presenting information online. When we share a PDF document—whether by publishing it on a blog, submitting it to a website, or sending it via email—we are potentially sharing it with the entire world.
Not understanding the security risks involved can get you into big trouble.
But we’re here to help. In this post, we’ll break down five very common—and very risky—mistakes office workers make when sharing PDFs. We’ll also teach you how to avoid them so you can keep your job and your reputation intact.
Mistake 1. Forgetting to add a stamp or a watermark
In many industries, professionals have access to inside information that they can’t make public until a certain date. That’s especially common in the media or news industry, where journalists and their sources carefully negotiate the terms for sharing exclusive information.
When these agreements are broken, either due to a lack of organization or a breakdown in communication, the consequences can be catastrophic.
How to avoid this mistake: Add a stamp or a watermark to embargoed content to make unequivocally clear when the content cannot be made public until a certain date.
Mistake 2. Failing to protect privacy and confidentiality
Professionals and organizations are responsible for protecting their clients’ information.
Legal malpractice attorney Eric Bland told Yahoo: “A client’s information is their property. When they transfer it to us, we have a duty to maintain that information. Once it’s out, it’s out. And the exposure for an attorney in that situation is monumental. The damages could be in the hundreds of millions of dollars.”
As we mentioned in the intro, a Chicago attorney was publicly reprimanded by the ARDC for causing defendants' personal identifying information to be available to the public and viewable online.
How to avoid this mistake: Delete sensitive information from documents, through redaction or metadata removal, before making them public.
Mistake 3. Hiding sensitive information as opposed to removing it
A Transportation Security Administration (TSA) employee inadvertently divulged the TSA’s secret screening methods by posting its standard operating procedures manual online.
Lawyers of a high-profile court case accidentally revealed sensitive information when filing a document in court.
New York Times journalists who published National Security Agency documents failed to omit the name of the agent who leaked them.
Did they not think to remove this information? They did. Unfortunately, the method they used—placing black boxes over text—does not work. Anyone can use Copy+Paste to view content that’s hidden this way, which is exactly what happened.
How to avoid this mistake: Use a redaction tool to remove sensitive information from documents.
Mistake 4. Not removing the metadata
In addition to redacting sensitive content from PDF files, professionals may also have to remove metadata, especially when potentially identifiable information in it can put someone’s safety at risk.
As senior security analyst Larry Pesce notes in a paper titled “Metadata, The Silent Killer,” metadata can reveal more than the date and the time a file was created and a document’s tracked changes.
He cites a photo that The Associated Press (AP) published in 2006 of a hacker who admitted to committing cybercrimes. Although the AP photographer was careful not to show the hacker’s face, the image metadata revealed the location where the photo was taken.
In 2012, Vice journalists also failed to delete the metadata from a photo they published of McAfee Virus Protection founder John McAfee. Using the photo metadata, the police were able to zero in on McAfee’s location and arrest him. Vice issued an official statement about the event.
How to avoid this mistake: Always delete the metadata that puts your clients or sources at risk, unless you are legally required to keep it unaltered.
Mistake 5. Not setting passwords
While it doesn’t make sense to redact sensitive information from documents you and a client need to agree and/or collaborate on, setting passwords is an important security measure.
Professionals and their clients may have assistants, secretaries, and spouses who access their inboxes. Without password protection, sensitive information may be compromised.
How to avoid this mistake: Set a user password to ensure only those with the password can open and view documents containing sensitive information. If possible, ask clients to do the same when sharing sensitive documents with you via email.
Avoid these five mistakes when sending PDFs
Knowing the five mistakes to avoid when sharing PDFs will prevent you from accidentally making sensitive information public.
To recap, here are the five things not to do when sharing PDFs:
- Forget to add a stamp or a watermark
- Make private information public
- Hide sensitive information as opposed to removing it
- Not remove the metadata
- Not set passwords
PDFpen helps you secure your PDF files through stamps and watermarks, redaction, metadata removal, and password protection. Download a free trial.