Use and Abuse of Metadata

Vol. 39 No. 4

By

Mary Dunnewold is a legal writing instructor at Hamline UniversitySchool of Law.

Imagine that you are a lawyer conversing with a client in your office. It’s a niceday, so you leave your window open. Another lawyer who works in the samebuilding, and happens to represent a party currently negotiating a contractwith your client, is standing outside your window having a coffee break.Through your open window, he can hear snatches of your conversation with yourclient. Most of what he hears is useless information, but there are a few bitsthat give him some insight into your negotiation plan for the contract. You maynot know it, but you have probably failed in your duty to protect clientconfidences.

You can unintentionally leavethe same kind of window open electronically. Potentially useful hiddeninformation, technically known as “metadata,” can be inadvertently conveyed inelectronic files sent to other parties or stored in documents discovered inlitigation. Metadata left in electronic documents thus raises ethical issuesfor lawyers on both the sending and the receiving ends, and it can also play anevidentiary role in certain kinds of lawsuits. As a lawyer, you have an ethicalduty to know about metadata, to protect yourself from inadvertent disclosure ofit if it includes confidential information, and, if it is properly acquired, touse it to prove your case in litigation.

Metadata is commonly referred to as “data about data.” Specifically, it isinformation stored in electronic documents, such as Word and Excel files, thatcan show changes made to the document, comments made electronically in thedocument, when the document was created and by whom, who has accessed or workedon the document, when the document was printed, and so on. If the track changesfunction was enabled during the writing process, metadata can show previousversions of the document even if the last author “accepted” the changes made.

At first glance, this kind of information may seem useless to the lawyerreceiving a document electronically, and thus not worth worrying about. Butimagine again that transactional lawyer representing a client in a contractnegotiation. She leaves the electronic window open by sending a version of thecontract to the other party’s lawyer without first removing the metadata. Thereceiving lawyer knows how to access the metadata and consequently discoversthat at one point the sender’s version of the contract included a key provisionfavorable to the receiver’s client, but it was later removed. The receivermight conclude that the sender and her client are at least consideringconceding that key provision. The sender has revealed confidential information,and the receiver now knows something that will help his side in thenegotiations.

Or imagine a litigation lawyer who sends a trial brief he’s been workingon to another lawyer working on a similar case. He doesn’t remove the metadata,which includes embedded comments made by the client and notes about theirlitigation strategy. By failing to remove the metadata, he has disclosedconfidential and work product information, which is contrary to ethical ruleseven if it is not immediately useful to the receiver.

Because the use of metadata can raise ethical issues for lawyers on boththe sending and the receiving ends, many state ethics committees have recentlyissued opinions clarifying a lawyer’s responsibilities in this area. Theopinions raise three ethical questions: (1) What is the sending lawyer’s duty of care regarding metadata? (2) Canthe receiving lawyer look at the metadata if the sending lawyer fails to removeit? (3) Does the receiving lawyer have a duty to notify the sending lawyer ofinadvertently transmitted metadata?

Regarding the sender’s duty, most state ethics committees agree thatlawyers must exercise reasonable care to avoid transmitting metadata to thirdparties. Under this standard, lawyers generally must be aware that documentscontain such data, and must take reasonable steps to avoid sending it if itwill reveal client confidences. The definition of “reasonable care” will differdepending on the circumstances.

On the other hand, state ethics committees have disagreed about whether areceiving lawyer can view, and make use of, metadata a sending lawyer hasfailed to remove. For instance, opinions from New Yorkand Floridastate that a lawyer who deliberately looks for potentially confidentialinformation in a transmitted document commits a clear ethical violation.Opinions from Maryland and Vermont, on the other hand, state that thereceiving lawyer may ethically “mine” for metadata. The Vermont opinion(Vermont Bar Assoc. Prof. Resp. Section, Vermont Ethics Opinion 2009-1) goes sofar as to suggest that limiting the recipient’s ability to review metadata mayinterfere with her duty “diligently and thoroughly to analyze material receivedfrom opposing counsel.”

Finally, on the third question, most state ethics committees agree thatif a receiving lawyer has actual knowledge that a sending lawyer hasinadvertently included metadata in a transmission, she has an ethical duty tonotify the sending lawyer. This duty is consistent with the general duty arecipient lawyer has to let another lawyer know if he has inadvertentlyrevealed confidential information.

While these opinions define the specific duties you will have when yousend and receive electronic files as a practicing lawyer, you should also beaware that metadata can be used as evidence to prove your case. So in thiscontext, you may have a responsibility to consider using metadata if itis available to you.

For instance, in a recent Arizona case, Lake v. City of Phoenix (218P.3d 1004 (2009)), the Supreme Court of Arizona held that if a public entitymaintains electronic records, these records, including any related metadata,must be disclosed when requested. In Lake,a public employee sued the city on an employment discrimination claim. Invokingpublic records laws, he requested copies of his supervisor’s notes related tohis job performance. But when he received the copies, he suspected they hadbeen backdated on the computer when they were prepared. He sought disclosure ofthe metadata relating to the file to establish exactly when the notes werefirst entered on the computer. The court granted Lake’srequest, reasoning that the metadata is part of the public record.

Similarly, current Federal Rule of Civil Procedure 34(a) indicates thatmetadata is discoverable in the formal discovery process. And rules ofprofessional conduct, like Model Rule 3.4, would prohibit lawyers from removingmetadata from evidentiary documents if it has potential probative value. Thus,while metadata may usually not be useful in litigation, you should keep it inmind as a potential source of information when you’re working on cases thatinvolve electronically produced documents.

The existence of metadata could affect you even while you’re in lawschool. Unless you take steps to remove it, metadata is available to anyonereading your electronic
documents. This means that your legal writing professor can see if you’vereally been working on your memo for two weeks or just started it last night.

The good news is that it isrelatively easy to satisfy your professional responsibility to remove metadatafrom your legal documents. There are a number of commercial programs available,called “document scrubbers,” that will automatically remove metadata fromelectronic files. As a matter of best practices, law firms should have theseprograms in place, and using one of these programs should become a routine stepin your writing process as a practicing lawyer. You can also make a habit ofnever sending Word files as attachments and instead convert files to PDFformat, which should eliminate metadata. These practices will ensure that youhave shut the electronic window by taking reasonable care to protect clientconfidences. 

Advertisement

  • About Student Lawyer

Download the Student Lawyer App Now!

 

  • Additional Resources

  • Subscriptions

  • More Information

  • Contact Us