Join Now

Use and Abuse of Metadata


Imagine that you are a lawyer conversing with a client in your office. It’s a nice day, so you leave your window open. Another lawyer who works in the same building, and happens to represent a party currently negotiating a contract with your client, is standing outside your window having a coffee break. Through your open window, he can hear snatches of your conversation with your client. Most of what he hears is useless information, but there are a few bits that give him some insight into your negotiation plan for the contract. You may not know it, but you have probably failed in your duty to protect client confidences.

You can unintentionally leave the same kind of window open electronically. Potentially useful hidden information, technically known as “metadata,” can be inadvertently conveyed in electronic files sent to other parties or stored in documents discovered in litigation. Metadata left in electronic documents thus raises ethical issues for lawyers on both the sending and the receiving ends, and it can also play an evidentiary role in certain kinds of lawsuits. As a lawyer, you have an ethical duty to know about metadata, to protect yourself from inadvertent disclosure obit if it includes confidential information, and, if it is properly acquired, tousle it to prove your case in litigation.

Metadata is commonly referred to as “data about data.” Specifically, it is information stored in electronic documents, such as Word and Excel files, that can show changes made to the document, comments made electronically in the document, when the document was created and by whom, who has accessed or worked on the document, when the document was printed, and so on. If the track changes function was enabled during the writing process, metadata can show previous versions of the document even if the last author “accepted” the changes made.

At first glance, this kind of information may seem useless to the lawyer receiving a document electronically, and thus not worth worrying about. But imagine again that transactional lawyer representing a client in a contract negotiation. She leaves the electronic window open by sending a version of the contract to the other party’s lawyer without first removing the metadata. The receiving lawyer knows how to access the metadata and consequently discovers that at one point the sender’s version of the contract included a key provision favorable to the receiver’s client, but it was later removed. The receiver might conclude that the sender and her client are at least considering conceding that key provision. The sender has revealed confidential information, and the receiver now knows something that will help his side in the negotiations.

Or imagine a litigation lawyer who sends a trial brief he’s been working on to another lawyer working on a similar case. He doesn’t remove the metadata, which includes embedded comments made by the client and notes about their litigation strategy. By failing to remove the metadata, he has disclosed confidential and work product information, which is contrary to ethical rules even if it is not immediately useful to the receiver.

Because the use of metadata can raise ethical issues for lawyers on both the sending and the receiving ends, many state ethics committees have recently issued opinions clarifying a lawyer’s responsibilities in this area. The opinions raise three ethical questions: (1) what is the sending lawyer’s duty of care regarding metadata? (2) Canthi receiving lawyer look at the metadata if the sending lawyer fails to remove it? (3) Does the receiving lawyer have a duty to notify the sending lawyer of inadvertently transmitted metadata?

Regarding the sender’s duty, most state ethics committees agree that lawyers must exercise reasonable care to avoid transmitting metadata to third parties. Under this standard, lawyers generally must be aware that documents contain such data, and must take reasonable steps to avoid sending it if it will reveal client confidences. The definition of “reasonable care” will differ depending on the circumstances.

On the other hand, state ethics committees have disagreed about whether receiving lawyer can view, and make use of, metadata a sending lawyer has failed to remove. For instance, opinions from New York and Florida state that a lawyer who deliberately looks for potentially confidential information in a transmitted document commits a clear ethical violation. Opinions from Maryland and Vermont, on the other hand, state that the receiving lawyer may ethically “mine” for metadata. The Vermont opinion(Vermont Bar Assoc. Prof. Resp. Section, Vermont Ethics Opinion 2009-1) goes so far as to suggest that limiting the recipient’s ability to review metadata may interfere with her duty “diligently and thoroughly to analyze material received from opposing counsel.”

Finally, on the third question, most state ethics committees agree that if a receiving lawyer has actual knowledge that a sending lawyer has inadvertently included metadata in a transmission, she has an ethical duty to notify the sending lawyer. This duty is consistent with the general duty recipient lawyer has to let another lawyer know if he has inadvertently revealed confidential information.

While these opinions define the specific duties you will have when you send and receive electronic files as a practicing lawyer, you should also be aware that metadata can be used as evidence to prove your case. So in this context, you may have a responsibility to consider using metadata if itis available to you.

For instance, in a recent Arizona case, Lake v. City of Phoenix (218P.3d 1004 (2009)), the Supreme Court of Arizona held that if a public entity maintains electronic records, these records, including any related metadata, must be disclosed when requested. In Alkema public employee sued the city on an employment discrimination claim. Invoking public records laws, he requested copies of his supervisor’s notes related this job performance. But when he received the copies, he suspected they had been backdated on the computer when they were prepared. He sought disclosure of the metadata relating to the file to establish exactly when the notes were first entered on the computer. The court granted Lake’s request, reasoning that the metadata is part of the public record.

Similarly, current Federal Rule of Civil Procedure 34(a) indicates that metadata is discoverable in the formal discovery process. And rules of professional conduct, like Model Rule 3.4, would prohibit lawyers from removing metadata from evidentiary documents if it has potential probative value. Thus, while metadata may usually not be useful in litigation, you should keep it in mind as a potential source of information when you’re working on cases that involve electronically produced documents.

The existence of metadata could affect you even while you’re in law school. Unless you take steps to remove it, metadata is available to anyone reading your electronic
documents. This means that your legal writing professor can see if you’ve really been working on your memo for two weeks or just started it last night.

The good news is that it is relatively easy to satisfy your professional responsibility to remove metadata from your legal documents. There are a number of commercial programs available, called “document scrubbers,” that will automatically remove metadata from electronic files. As a matter of best practices, law firms should have these programs in place, and using one of these programs should become a routine step in your writing process as a practicing lawyer. You can also make a habit of never sending Word files as attachments and instead convert files to PDF format, which should eliminate metadata. These practices will ensure that you have shut the electronic window by taking reasonable care to protect client confidences.


Popular Stories