Avoid accidental information leaks

PUBLISHED : Tuesday, 25 April, 2006, 12:00am
UPDATED : Tuesday, 25 April, 2006, 12:00am

PREVENTING THE widespread privacy breaches, intellectual property leaks and inadvertent financial disclosures that sometimes result from negligence has become a challenge for all businesses and organisations.

Many are discovering that confidential information which, on the surface, has been removed from an electronic document, can come back to haunt the author if measures are not taken to thoroughly 'sanitise' it.

In the instance of Semiconductor Manufacturing International Corp (SMIC), a chip foundry listed in Hong Kong and the United States, a Microsoft Word document distributed in readiness for a press conference inadvertently revealed the firm's results for the fourth quarter of 2005 when the tracking function in the file was activated.

The leak gave stock traders and investors in the US access to the company's financial results a full trading day ahead of the official announcement, allowing them to steal a march on their Hong Kong counterparts.

SMIC blamed its public relations consultants.

And the company is not the only one.

Google made a similar blunder last month when overlooked notes buried in a publicly distributed Microsoft PowerPoint presentation revealed confidential financial projections.

In another case, directors at Australian bank Westpac were left with red faces when an employee sent out the company's earnings announcement in a PDF file last November before it had been rubber stamped by the Australian Stock Exchange.

Even government authorities have been guilty of negligence.

The US government suffered a series of embarrassing and damaging leaks when metadata - information hidden in electronic documents - revealed the identities of the people who had worked on sensitive documents, prompting the National Security Agency to issue technical guidelines at the end of last year instructing US officials how to cleanse electronic documents before release.

Workshare is a company that believes it can eradicate these problems with its suite of document and data security products at a time when the internet has, in the words of a company spokesperson, helped foster a culture of disregard for personal privacy within corporations and government agencies.

Director for sales Asia-Pacific, Samia Rauf, said: 'Workshare recommends organisations undertake the following three steps or deploy an automated document integrity system to prevent the inadvertent transmission of confidential information.

'One: convert content from risky to safe by cleansing and removing hidden information such as track changes, speaker notes, hidden columns, etc contained in MS Office files.

'Two: contain potentially dangerous visible information at the desktop and server by monitoring and blocking unauthorised content.

'Three: control sensitive information using document restrictions and on-demand PDF capability. Record policy violations and hold individuals accountable for their actions.'

The key feature of the Workshare product is a content filtering process called Document Hygiene, which prevents the release of information that violates privacy, intellectual property and financial disclosure policies.

'As our dependence on communication channels such as e-mail and the internet increases, the list of confidential leaks pouring out of banks, financial services companies, police forces, internet companies and others is growing daily,' Ms Rauf said.