Solving the Problem of Sending Sensitive Files via Email

June 19, 2009

A common problem for law firms (and for businesses in general) that is getting more and more attention these days is how to share files and documents between people – such as between a lawyer and a client, or between members of a team who are not physically in the same office. (Such sharing is often described as collaboration.)

The classic approach to this – and the one most people probably think of first – is to simply email the files to whomever needs them, have them edit the files, and then email them back. This method is relatively easy and popular because most people already know how to use email.

However, increasing privacy and data protection laws, as well as the increased risk of identity fraud (a.k.a. “identity theft”), have made many people re-think the classic approach of emailing files around.

This is because there are lots of downsides to using email to share files:

  • Sending a large number of files is cumbersome
  • Different email providers all have different limits on the maximum size of attached files
  • Email has no “security” built in – because emails are sent “in the clear” they can potentially be intercepted and read, or even modified
  • Sharing files with multiple people for collaboration (shared editing) is basically impossible
  • Some people are trained to avoid opening attachments because of past experiences with viruses
  • Some email programs (notably Microsoft Outlook) just flat-out block certain types of attached files

Part of the problem is that sending files via email is simply not what email was originally meant for. Email was originally “text only” – the ability to “attach” files to email was not originally part of the email specification. In fact, attachments were sort of “grafted” on much later – circa 1996.

Fortunately, there are better options for sharing files instead of email – and they are just as easy to use. You just need to know about them.

There are several “file sharing” websites and services available these days – precisely because of the need to share files without sending them through email. We’ve picked out two that are a good match for law firms and other small businesses: Box.net and drop.io.

(Full disclosure: we are not affiliated with these companies in any way – we have picked these two based on the merits of the services they provide.)

Both of these websites offer the same basic service: upload your file (or files) to their server (protected with a password if you wish) and then get a link you can give to other people so that they can get the file. Basically, both of these websites are acting like digital “drop boxes.”

Both websites offer a “free” service that is limited in the number of files you can save, and both offer a paid service that gives you a lot of space to store files (useful if you’re sending big files – like videos or audio transcriptions – back & forth).

Both of these services allow you to organize the files you upload, control what access people have to them (for example, you might want to give someone only the permission to download the file, but not to re-upload it back), and set “expiration dates” for the “drops” that you create. All of these options give you incredible control over how you end up sharing files and documents with your clients and with other firms.

These services are managed via the web, so you can upload files from wherever you are. And because they are both web-based, you don’t have to worry about whether the person with whom you are trying to share files has a PC, a Mac, or whatever. If they can get on to the Internet, they can get the files.

The best parts of these services, though, are that they provide you with a simple, secure, safe, and controlled way to share documents, forms, and other files with your clients or other law firms – without exposing yourself to the potential problems that come with sending things via email. And you can do all this very easily from a web site, without needing to have an IT person come in and set it up for you – which is a real bonus in these tough economic times.

If you send documents back & forth frequently via email – especially confidential or sensitive documents – you really should check out one of these types of services. They may just end up saving you from a lot of trouble later on down the road.

Icon courtesy of the Crystal Icon Set. Box.net and drop.io logos are trademarks of their respective companies.

Technology & Law – Vol. VI

May 10, 2006

“Technology & Law” is a semi-regular column posted by Keith M. Survell. It deals with the interaction of technology and security with the modern law office.

“Who knows what secrets lurk in the hearts of documents?”

If you use e-mail to send documents back and forth between clients and counsel, chances are that someone has read more information from your document than you intended – maybe even a lot more.

The problem is “metadata,” which means “information about data.” It’s all the statistical information stored along with your documents that allows your computer to tell you who was the last person to edit a document, how many words are in your document, and what changes were made to the document by every person who had opened it previously.

Consider this scenario: you’re working on a document for a client (let’s call him “Client A”), but you need to start a new document for a different client (let’s call him “Client B”). You need to make the same type of document for Client B, so rather than start from scratch, you simply change some text in the current Client A document and save it into Client B’s file. Then, when you’re done, you e-mail it to Client B. What you may not realize, however, is that you may have just emailed a complete copy of Client A’s document – including all the possible sensitive, personal information – to Client B.

This sort of problem is becoming more and more frequent as an increasing number of people send documents – especially word-processing documents like Microsoft Word or Corel WordPerfect – back and forth via e-mail. Unlike printed documents, e-mailed documents can retain all of the file’s information, which often includes things such as the name of the last person to edit a document or fragments of text that had previously been deleted.

One solution that a lot of people are turning to is the Portable Document Format, more commonly known as PDF. When a document is converted to PDF, it loses a lot of the hidden information that the original document contained. However, PDFs are not a perfect solution. Depending on the settings you use when converting a document to PDF, most PDF creators try very hard to preserve everything about your document when it is converted to PDF – which can include hidden information.

If you are sending redacted documents via PDF, it may still be possible for people to read the information you have blacked out – especially if you have simply highlighted words or paragraphs in black. Some PDF creators dutifully convert the blacked-out text when the PDF is created – and an industrious user can simply highlight the blacked-out text and read it. This is because the text is still there – it is just covered by a layer of black highlighting. This particular method of revealing redacted information has been used on documents released by government agencies – much to their chagrin.

And it’s not just overzealous reporters who are looking for hidden information in documents – some attorneys regard this hidden information as a great source, and they regularly “mine” the data out of any documents sent to them. This has become such a privacy concern that some states’ bar associations have ruled the practice unethical.

There are ways to protect yourself from this kind of exposure, of course. Avoiding “copy and paste” creation of new documents can help keep sensitive information out of documents. If you use a document assembly program (such as TurboLaw) to create your documents, you’re even better off, as each document is created “cleanly” from a template that has no personal information in it.

Many of the options to save hidden data are turned on by default in most word processors, but they are options and can thus be turned off. Here are some tips on how to turn these options off for users of Microsoft Word:

Turn off “Fast Saves”
To turn off this option, click the “Tools” menu and choose “Options.” Then, click on the “Save” tab and un-check the box labeled “Allow Fast Saves.”

Remove “Hidden” Information
To stop Word from saving information about who has created or modified a document, click on the “Tools” menu and choose “Options.” Then, click on the “Security” tab and check off every box under the heading “Privacy Options.” This will stop some information from being saved, as well as give you warning when you are saving a document that contains other information (such as tracked changes).

Turn off “Versioning”
Word’s Versioning feature saves multiple copies of your document, providing a nice history of all the changes that have been made to it. Before you send a document to someone, you should check to make sure that you don’t have any saved versions hidden in the document. To do this, click the “File” menu and choose “Versions.” In the dialog box which appears, click on any versions which appear and click “Delete.”

Don’t use Highlighting to Redact Information
If you are going to send a document to someone else and you want to hide sensitive information (such as Social Security Numbers), you shouldn’t use the “highlight” feature in Word to redact the information. Instead, delete the information and replace it with something else, such as “xxx-xx-xxxx.” This will ensure that no one will be able to extract the hidden data beneath the highlighting. (You can, of course, put the original Social Security Number back after you have sent or converted the document.) This method is especially useful when converting a document to PDF.

Beware of “Track Changes”
The “Track Changes” feature is wonderful for collaborating with other users and when many people need to make changes to a document that is then reviewed by someone else. However, if turned on inadvertently, the Track Changes feature can save all of the edits and changes you have made to a document – which will then be visible to whomever you send the document. Turning off the Track Changes feature doesn’t remove the information, either – it’s still there, it’s just not shown onscreen.

To get rid of tracked changes and comments, you need to accept or reject the changes and delete the comments. Here’s how:

  1. On the View menu, point to Toolbars, and then click Reviewing.
  2. On the Reviewing toolbar, click Show, and then make sure that a check mark appears next to each of the following items:
    Comments
    Ink Annotations (Word 2003 only)
    Insertions and Deletions
    Formatting
    Reviewers (Point to Reviewers and make sure that “All Reviewers” is selected.)
    If a check mark does not appear next to an item, click the item to select it.
  3. On the Reviewing toolbar, click Next to advance from one revision or comment to the next.
  4. On the Reviewing toolbar, click Accept Change or Reject Change/Delete Comment for each revision or comment.
  5. Repeat steps 3 and 4 until all the revisions in the document have been accepted or rejected and all the comments have been deleted.
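
A pre-send check for the items covered in the tips above (tracked changes, comments, author names, text under black highlighting), added here as an example and not part of the original column. It assumes the newer .docx format, which is a ZIP archive of XML parts, rather than the binary .doc files of the Word versions described here; `audit_docx` and `sample_docx` are hypothetical names and the sample document is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
CP = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"

def audit_docx(data):
    """List hidden information still stored in a .docx. Not hardened for hostile XML."""
    found = {"inserted": [], "deleted": [], "black_highlight": [], "comments": 0, "people": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        body = ET.fromstring(z.read("word/document.xml"))
        for tag, key in ((W + "ins", "inserted"), (W + "del", "deleted")):
            for change in body.iter(tag):  # tracked changes stay in the file even when hidden
                found["people"].add(change.get(W + "author"))
                found[key].append("".join(t.text or "" for t in change.iter()
                                          if t.tag in (W + "t", W + "delText")))
        for run in body.iter(W + "r"):  # text "redacted" with black highlighting
            mark = run.find(f"{W}rPr/{W}highlight")
            if mark is not None and mark.get(W + "val") == "black":
                found["black_highlight"].append("".join(t.text or "" for t in run.iter(W + "t")))
        if "word/comments.xml" in z.namelist():  # reviewer comments
            for c in ET.fromstring(z.read("word/comments.xml")).iter(W + "comment"):
                found["comments"] += 1
                found["people"].add(c.get(W + "author"))
        if "docProps/core.xml" in z.namelist():  # creator / last editor properties
            for el in ET.fromstring(z.read("docProps/core.xml")):
                if el.tag in (DC + "creator", CP + "lastModifiedBy") and el.text:
                    found["people"].add(el.text)
    found["people"].discard(None)
    return found

def sample_docx():
    """Constructed sample: Client A's document reused for Client B."""
    ns = f'xmlns:w="{W[1:-1]}"'
    doc = (f'<w:document {ns}><w:body><w:p>'
           '<w:del w:id="1" w:author="J. Associate"><w:r><w:delText>Client A</w:delText></w:r></w:del>'
           '<w:ins w:id="2" w:author="J. Associate"><w:r><w:t>Client B</w:t></w:r></w:ins>'
           '<w:r><w:rPr><w:highlight w:val="black"/></w:rPr><w:t>000-00-0000</w:t></w:r></w:p></w:body></w:document>')
    comments = f'<w:comments {ns}><w:comment w:id="0" w:author="Partner"/></w:comments>'
    core = (f'<cp:coreProperties xmlns:cp="{CP[1:-1]}" xmlns:dc="{DC[1:-1]}">'
            '<dc:creator>J. Associate</dc:creator><cp:lastModifiedBy>Paralegal</cp:lastModifiedBy></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in (("word/document.xml", doc), ("word/comments.xml", comments),
                          ("docProps/core.xml", core)):
            z.writestr(name, xml)
    return buf.getvalue()
```

An empty report from `audit_docx` covers only the items it looks for; the cleanup steps above still apply before a document is sent.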

Convert Documents to PDF
In addition to all of the steps above, converting a document to PDF is one of the best ways to prevent sensitive information from being inadvertently disclosed to other parties. You can purchase Adobe’s Acrobat product to convert documents to PDF easily, or you can find several basic (but free) PDF-creating packages on the Internet.

For More Information
The following links provide more information and insight into the problem of hidden information in documents.

Colorado Bar Association: “Metadata: Hidden Information in Microsoft Word Documents and Its Ethical Implications” (PDF Link)
NSA Redaction Guidelines: “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF” (PDF Link)
Microsoft Office Online: “Get rid of tracked changes and comments, once and for all”