NetworkWorld, Thu, 05/31/12
Do you ever sanitize Microsoft Office products? Have you ever stopped to consider the potential privacy risk from personal metadata that is embedded in Microsoft Office products? Here’s how to remove it
Yesterday Microsoft announced Office 365 for Government. Since “security and privacy play a big role in any decision to move to the cloud,” the feds' version will reside on separate servers than from the standard Office 365 users. Like Google has done in the past with Data Liberation, Microsoft Office 365 Trust Center offers customers the option to download “a copy of all of your data at any time and for any reason.” On the same “it's your data” portability page, it states “To download a copy of end-user metadata (such as email address, first and last name, etc.), you can use Powershell cmdlets, including the Get-MsolUser Windows Powershell cmdlet. If you use Exchange Online, you can also utilize the Get-MailUser and Get-User Exchange Powershell commands.”
While Get-User Identity is a handy optional command, there are other times when users do not stop to think about the potential privacy risk from personal metadata that is embedded in Microsoft Office products.
The NSA tackled the subject years ago with a document called Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF [PDF]. Metadata has the potential for “exposing information unintentionally.”