(713) 965-7200
(713) 965-7200
Cybersecurity

Metadata “Leaking”: Securing Document Properties Before Production

Zachary Kitchen
  • 23 Apr 2026
Metadata Leaking Securing Document Properties Before Production

Article summary: Metadata leakage can expose confidential information through hidden document properties, comments, and PDF content. Metadata removal for law firms requires a repeatable pre-production workflow that fits Texas confidentiality expectations and the form of production. This reduces accidental disclosure and keeps productions defensible.

The most uncomfortable leak in a law firm isn’t always a leaked sentence. Sometimes it’s a leaked history.

A PDF that looks final still remembers who wrote it. A “clean” Word doc can quietly carry comments, tracked changes, and the internal back-and-forth that shaped the argument. A file can reveal client names, deal context, or strategy notes without showing a single extra word on the page.

That’s why metadata removal for law firms matters. Production isn’t just about what you intend to disclose. It’s about what the file can reveal.

What “Metadata Leakage” Looks Like

Metadata leakage is when a produced file reveals information that isn’t part of the visible content. 

In law firms, it often shows up in ways that feel almost unfair: the document looks correct, but the file still carries baggage.

Common examples include:

  • Document properties that show author names, usernames, company names, or “last saved by”
  • Hidden comments and tracked changes that reveal internal debate, edits, or strategy
  • Templates and file paths that hint at internal matter structure or client names
  • PDF hidden elements, like annotations, attachments, layers, form fields, or embedded objects
  • Version history and timestamps that create an unintended timeline of events

This is why production should be treated like controlled data sharing, not just sending a file. 

Secure sharing depends on understanding what’s being shared and applying consistent controls like access restrictions and good handling habits. 

What Lawyers Are Expected to Do

Texas doesn’t treat metadata leakage as a quirky tech issue. It treats it as a confidentiality issue.

The State Bar of Texas Professional Ethics Committee says lawyers must take “reasonable measures” to avoid transmitting confidential information embedded in metadata to people who shouldn’t receive it, and that this can include using “reasonably available technical means” to remove metadata. 

The key word is “reasonable.” 

The opinion explains that what’s reasonable depends on the facts, including what steps were taken, how sensitive the embedded information is, and who the recipient is. 

In other words, this isn’t a one-time checkbox. It’s a repeatable workflow that should match the risk of the document being produced. 

Sometimes Metadata Is Required

The trap is that many firms swing too far in the other direction: “Just strip everything.” That can cause problems in discovery and eDiscovery workflows, where metadata may be part of the expected form of production.

The EDRM production guidance notes that productions may be delivered in different formats (native, near-native, image) and may include load files, extracted metadata, and searchable text. 

This is why metadata handling can’t be improvised. 

Your team needs clarity on what you’re producing and why. In some contexts, removing metadata is the right confidentiality step. In others, producing agreed metadata fields is the requirement. 

The safest approach is deliberate: define the production format and metadata expectations up front, then apply the right hygiene steps for that specific scenario.

The Practical Workflow 

Step 1: Decide what you’re producing (and why).

Before you “clean” anything, confirm the context. 

Is this a routine share with a client, opposing counsel, or a vendor? Or is it a formal production where metadata fields are expected? 

This decision determines whether you should strip metadata aggressively, preserve specific fields, or produce in an image-based format with the right load files.

Step 2: Sanitize Office files using Document Inspector.

Microsoft’s Document Inspector is designed to find and remove hidden data and personal information in Word, Excel, and PowerPoint. This includes things like comments, annotations, and document properties. 

Microsoft also recommends running it on a copy of the file so you don’t destroy information you still need internally. 

Step 3: Sanitize PDFs the right way.

PDFs can still contain hidden information even when they look final.

Adobe notes that PDFs may include hidden data such as metadata, comments, and hidden layers, and provides a Sanitize workflow in Acrobat to remove that hidden content before sharing. 

Step 4: Verify the produced file before it leaves the firm.

Don’t assume “Remove” worked. Spot-check the output like a recipient would:

  • Open the file and check properties
  • Confirm comments and tracked changes are gone
  • Confirm PDFs don’t contain leftover annotations or hidden content
  • If you redacted, confirm it’s a true redaction 

Step 5: Preserve an internal original and produce a cleaned copy.

A safe workflow keeps the firm’s internal version intact and treats the produced version as a separate deliverable. 

Back everything up (no exceptions)” and work in a way that prevents one mistake from becoming permanent loss. 

Production Hygiene Is Confidentiality Hygiene

Metadata leakage is rarely dramatic. It’s usually quiet and avoidable. It happens when a firm treats production as “send the file” instead of a repeatable hygiene step.

A practical metadata workflow protects client confidentiality the same way good proofreading protects the record. It reduces accidental disclosure, keeps internal strategy out of the properties panel, and prevents last-minute scrambling before production deadlines.

If you want help standardizing metadata removal for law firms across Word and PDF workflows, contact Digital Crisis. We’ll review your current process and help your team build a clean, repeatable pre-production checklist.

Article FAQs

What is metadata leakage in legal documents?

Metadata leakage is when a produced file reveals hidden information that isn’t part of the visible content. That can include author details, comments, tracked changes, revision history, file paths, or hidden PDF elements. The document looks clean, but the file still carries confidential context.

Is metadata removal required in Texas?

Texas lawyers are expected to take reasonable measures to avoid transmitting confidential information embedded in metadata when sending electronic documents. What’s “reasonable” depends on the situation, including the sensitivity of the information and who will receive it. In discovery, metadata handling may also depend on the form of production and applicable rules.

What should never be included in a produced document?

Never include internal comments, tracked changes, hidden annotations, or document properties that reveal confidential client information. Avoid leaving author names, internal file paths, or strategy notes embedded in the file. The safest approach is to produce a cleaned copy that has been inspected and verified.

Does converting to PDF remove metadata?

Not reliably. Converting to PDF may change some properties, but PDFs can still contain metadata, comments, hidden layers, and other hidden content. If you need a clean production, you still have to inspect and sanitize the PDF before sharing.

Zachary Kitchen
Zachary Kitchen is the founder and CEO of Digital Crisis, where he helps law firms and businesses protect sensitive data, prevent downtime, and get more from their technology. With experience supporting over 7,000 organizations, he specializes in practical cybersecurity and IT strategies that improve day-to-day efficiency, not just security on paper.

Get Your Free Cybersecurity Guide

Protect your business with expert tips. Fill out the form to download our comprehensive guide and enhance your cybersecurity.

This field is for validation purposes and should be left unchanged.

By downloading you’re confirming that you agree with our Terms and Conditions.

What business owners are saying about us...

Read testimonials from satisfied clients who trust Digital Crisis for their IT needs. Discover how we’ve helped businesses like yours.

Quote icon

When Our Server Crashed, I Expected Downtime For Days, They Had Us Back in Hours

As a small law firm, we needed reliable IT support that wouldn’t break the budget—but still delivered at the highest level. Digital Crisis gave us exactly that.
 
They helped us modernize our systems, move to the cloud, and streamline how we work. Now our team can securely access everything we need from anywhere—and we’ve never been more efficient.
 
When our server went down unexpectedly, they had us fully operational again within three hours. No panic. No delays. Just fast, professional support when we needed it most.
 
With Digital Crisis, we feel like we have a world-class IT department—without the overhead.
Scott Davenport
Managing Attorney, Davenport Law Firm
Quote icon

We Knew Something Had to Change

As a managing partner of our firm, I needed a technology partner who understood urgency—and our old IT company just didn’t get it. Every time we had an issue, we were forced to submit a ticket just to speak with someone. No one ever answered the phone. Everything felt like a battle, and we were stuck in a long-term contract with no flexibility.

 

When I called Digital Crisis, they picked up immediately. No ticket. No runaround. Just answers. Within minutes, they had already started helping us.

 

Looking back, I wish we had made the switch sooner. I didn’t need to be a tech expert—I just needed to make one good decision for my team. Now our systems are secure, we actually get support when we need it, and I don’t have to worry about IT holding us back.

 

If you’re tired of being ignored by your IT guy, do what I did. Take back control. Call Digital Crisis.

Rudy Culp
Managing Partner, Horrigan & Goehrs, LLP
Quote icon

I Couldn’t Afford IT Headaches When Starting My Firm

As the Managing Partner of a newly established law firm, I can confidently say that the seamlessness of our start-up is due in large part to the exceptional IT support provided by Zach and the team at Digital Crisis. From day one, they have been more than just a service provider—they've been true partners in our success.

Zach and his team have an incredible ability to anticipate our needs before we even voice them. Their proactive approach, deep expertise, and commitment to keeping our systems secure and efficient have given us the confidence to focus fully on building our practice.

Having reliable IT support is critical in the legal field, where security and uptime are non-negotiable. Thanks to Digital Crisis, we’ve had both—plus the peace of mind that comes from knowing we’re in capable hands. We couldn’t ask for a better tech partner.

Stacy Kelly
Mangaing Partner, Texas Probate Attorney, PLLC
Quote icon

They’re a Valuable Member of Our Team

Zach is great at explaining to us about our IT in plain-speak, rather than “geek-speak.” I genuinely feel like hiring Digital Crisis was the best decision I’ve made for my firm. If you want an IT expert who charges reasonable rates and is not just an IT guy, but a valuable member of your team, call Zach.
Keith Morris
Founder, Surplus Attorneys
Quote icon

My Firm Runs Like a Well-Oiled Machine

I’ve worked with Zach for over 15 years. Digital Crisis takes their time to understand my practice and doesn’t try to shove a cookie-cutter system down our throat. When Digital Crisis first came in, they took the time to understand our firm and helped streamline and modernize our processes.
Kelly Forester
Senior Partner, Matthews Forester Law Firm
Quote icon

My Firm’s Efficiency DOUBLED Overnight

I thought my firm was doing just fine with my previous IT setup- boy, was I wrong! Digital Crisis came in Updated Equipment and Technology. I wish I had used them ten years earlier when I first met Zach. You will be sold immediately by their knowledge, patience, and willingness to help.
Craig Ribbeck
Senior Partner, Ribbeck Law Firm
Quote icon

Digital Crisis Saves Us Thousands Every Year

We used to enter data quarterly that would easily take an average of two weeks each quarter to enter. Then, when Digital Crisis came in, they fully automated our process, taking minutes instead of weeks to process the same data, not only faster but more accurately, removing room for human error. The new system gets things done faster and saves us thousands every year in labor alone!
Sandy Hickey
Executive Assistant, PAS Online
Quote icon

We Make Money FASTER Because of Digital Crisis

In 2010, my business had an old DOS-based server from 1995 that ran our proprietary software, which crashed. If it weren’t for Zach, we’d have to start completely over! Not only was Digital Crisis able to restore all our data, but they were also able to migrate us to a modern system which allowed us to get paid faster and work remotely.
Sandra Van der Vorm
Owner, Vansteen Marine Supply
Quote icon

They Rescued My Practice

On a Friday, my practice had to be moved immediately without any notice. Digital Crisis not only managed to come out and get our IT up and running, but they had our phones and internet up and running by Monday morning, and we didn’t lose a single day of business!  I can’t recommend Zach and his team enough.
Marietta Cline, MD
Owner, Cline Pediatrics
Quote icon

I Never Lost a Day of Work During the Pandemic

Zach truly understands my firm’s needs and always provides valuable tips and tools to make my firm run more efficiently. For example, when the COVID pandemic hit in 2020, I didn’t lose a single day of work since Digital Crisis had me set up on their cloud system, and I could remote in from anywhere.
Pamela Stewart
Owner, Law Office of Pamela Stewart
read more from our clients

Protect Your Network Against Cyber Threats

Contact Digital Crisis for a network security consultation and ensure your business is safeguarded against cyber threats.

This field is for validation purposes and should be left unchanged.

Related Posts

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

AI Data Leak Prevention in Law Firms
AI
AI Data Leak Prevention in Law Firms
 Read More
Free scam phishing fraud vector
Cybersecurity
Is Your Invoice a Deepfake? Securing Your Accounts Payable Process Against Voice and Email Cloning
 Read More
Free hacker anonymous cybersecurity vector
Cybersecurity
Adversary-in-the-Middle Attacks: How Phishing Sites Steal Your Active Login
 Read More