How to Secure and Protect Your PDF Documents

PDF files are the standard, universal format people use to share documents of every kind, but what they can actually contain in fact goes far beyond merely the text visible to the naked eye on the surface. Hidden metadata, author information, revision history, and embedded tracking data can all, entirely inadvertently on your part, expose any number of sensitive details that you never intended to share in the first place.

What Hidden Data Lurks in PDFs?

A PDF that has been converted and created from a Word document is very likely to retain, completely intact, the original author name, the company it belongs to, every single edit timestamp, the revision record, and even all manner of annotations and comments — and this holds true even if you believe you have already "Saved As" the PDF format. A PDF's document properties typically include the following: the author's name and the organization they belong to, the document's creation and modification dates, the specific software used to create it, the complete revision history along with each earlier version, and those comments or annotations that may have been deliberately hidden yet were never truly deleted. For legal, medical, or business-type documents, this inconspicuous metadata can constitute a rather serious confidentiality risk. In reality, courts have genuinely seen sensational cases of exactly this kind: PDFs that had supposedly undergone "blacking out" treatment still, beneath their black blocks, retained the complete text that anyone could easily read right out.

How to Securely Handle PDFs

  • 1Before sharing any PDF, be sure to first check the metadata it carries. Open the document's properties panel and look carefully at exactly what information about the author, the software used, and the revision record has been embedded within it, so that you know precisely where things stand.
  • 2Properly delete or redact sensitive content. Redaction in the true sense of the word completely overwrites and erases the underlying text data — and you must never simply draw a black rectangle over the text and call it done, because if you do, the text hidden beneath can still be selected, copied, and searched, which amounts to a hollow gesture offering no real protection at all.
  • 3Enable password protection for documents that contain sensitive information. It is recommended that you set two passwords at once: one is the open password (used to control who can view the document's contents), and the other is the permissions password (used to prevent others from freely copying, printing, or editing the document). With both working together, your security is far better assured.

PDF Security Best Practices

When you need to obtain a clean version of a document that contains no metadata whatsoever, always regenerate it using the "Print to PDF" function from within a clean application, rather than taking the easy route of exporting directly from the original source file, which often carries the metadata right along with it. For legally required content redaction, use dedicated tools that can definitively overwrite and erase the content, rather than simply layering some shapes or colored blocks over the text just to muddle through. Be especially cautious and careful with PDF files of unknown origin and uncertain provenance — they may have embedded within them malicious JavaScript code, hidden hyperlinks pointing to tracking URLs, or exploit code crafted specifically to target vulnerabilities in PDF readers. Be sure to confirm that your PDF reader is always kept at the latest updated version; you should know that security vulnerabilities in PDF readers are a very common and dangerous point of entry for cyberattacks.

Inspect and secure your PDF documents in your browser

Try PrivaPDF
All Guides