Document Privacy

Remove Metadata for Privacy: PDFs, Word, Excel, and PowerPoint

Affiliate disclosure: This page contains Amazon affiliate links. If you purchase through them, I may earn a small commission at no extra cost to you.

Every document you create contains invisible metadata about you and your organisation. Here is what each file type stores and how to remove it before sharing professionally.

The Word document you send to a client may contain the names of people who reviewed it, the company's internal template path, the total time spent editing, and comments that were marked as resolved but not deleted. These are visible to anyone who checks the document properties or uses a metadata extraction tool. Before sharing any document professionally, removing this data is a basic confidentiality measure.

Metadata in PDF files

PDF document properties include the Title, Author, Subject, Keywords, Creator (the application that created the PDF), and Producer (the application used to save or convert the PDF). These fields are set automatically when the PDF is created and are visible in any PDF reader's document information dialog.

The Creator field often reveals internal software information. A PDF created from a Word document might show the exact version of Microsoft Office used. A PDF from a legal document management system might show the system's name and version, revealing internal infrastructure details.

XMP metadata embedded in PDFs can include additional fields beyond the standard document properties, including the organisation's name from the software registration, the workflow history if the document passed through a processing pipeline, and GPS or location data if the source file was a scanned document with location tagging.

To view and edit PDF metadata in Adobe Acrobat, go to File, then Properties, and check each tab including Description, Security, and Custom. In free PDF readers, the equivalent is often under Document Properties or File Info. Clear any fields that reveal information you do not want to share before distributing the file.

Metadata in Word documents

Word documents store an extensive set of metadata including the author name and initials from the Office registration, the names and initials of all people who have edited the document if track changes was used, the creation date, the last modification date, the last print date, the total editing time in minutes, the full file path where the document was saved, and the company name from the Office installation.

The editing time field is one that surprises people most. A document that took three days to write may show 450 minutes of active editing time, which gives recipients insight into the effort involved. A document that supposedly required significant research but shows only 20 minutes of editing time raises questions.

The full file path can reveal sensitive internal information. A path like "C:\Legal\Confidential Matters\Client A Settlement\Draft v7.docx" communicates that this is a confidential matter, that the client is named, that it concerns a settlement, and that there were at least seven drafts. Even if the file is now being shared as a non-confidential document, this path history reveals information that may not be appropriate to share.

Use the Document Inspector (File, Info, Check for Issues, Inspect Document) to see and remove all categories of metadata before sharing. Run it immediately before the final save and distribution.

Metadata in Excel files

Excel files contain similar author and date metadata to Word documents, plus additional data specific to spreadsheet use. Named ranges and external data connections may reveal information about other systems the spreadsheet interacts with. If the spreadsheet connects to an internal database, the connection string stored in the file may include server names, database names, and sometimes credentials.

Custom properties added to Excel files, visible in File, Properties, Custom, can contain any text entered by creators of the spreadsheet. Internal project codes, client identifiers, and department names entered as custom properties may not be visible in the spreadsheet itself but are accessible through the properties interface.

Excel's Document Inspector provides the same functionality as Word's, allowing bulk removal of document properties, personal information, hidden content, and external data connections before sharing.

Metadata in PowerPoint files

PowerPoint files contain author and date information similar to other Office formats. Speaker notes are the most commonly overlooked metadata risk. Notes added to slides for presenter use are not visible in the slide view but are part of the file. A presentation sent to clients or posted publicly with internal speaker notes attached may reveal strategic information, internal pricing rationale, or the presenter's private commentary about the audience.

Hidden slides are another common oversight. Slides hidden for a specific presentation but left in the file are accessible to anyone who opens the file in PowerPoint. If a slide was hidden because it contained sensitive content not appropriate for a specific audience, it remains in the file and viewable by anyone who opens it in the normal way.

The Document Inspector for PowerPoint includes checks for speaker notes, hidden slides, and personal information. Run it before sharing any presentation externally.

GDPR implications of document metadata

Under GDPR, personal data includes names, job titles, and email addresses. Author names in document metadata are personal data. If you are sharing documents under GDPR requirements and the document metadata includes author names of employees or contractors, those people's personal data is being shared with the recipient without necessarily being disclosed in the document's visible content. Removing author metadata before sharing is a straightforward GDPR compliance measure for documents shared externally.

Page last updated: