- ABA Groups
- Resources for Lawyers
- Career Center
- About Us
American Bar Association Young Lawyers Division - August 2010 - Vol 14 Issue 10: Danger Below the Surface: A LOOK AT METADATA ETHICS OPINIONS
|»||Guidelines for Contributors|
|»||Reprints & Back Issues|
|»||Download this article in PDF format ||
Joshua Poje is an attorney in the ABA’s Legal Technology Resource Center in Chicago. He can be contacted at Joshua.Poje@americanbar.org.
—Danger Below the Surface
By Joshua Poje
Last March, the Minnesota Lawyers Professional Responsibility Board joined the American Bar Association and more than a dozen state bar associations in issuing a formal ethics opinion regarding inadvertent disclosure of privileged information via metadata. While Minnesota’s opinion was not groundbreaking, it did serve as a reminder of the importance of metadata and the ongoing debate about its proper handling.
By now, most lawyers are familiar with the term “metadata,” which is a hidden layer of information within most electronic documents. Metadata often is described as “data about data” because it largely consists of information regarding a document’s origins, including who created it, when it was opened, and what software was used. It also can contain more consequential data, including a record of changes made, who made those changes, and any comments that may have been added to a document.
The impetus for the many metadata ethics opinions in recent years is the ease with which metadata can lead to inadvertent disclosure of work product or other privileged information. Imagine, for example, an attorney revealing her client’s bottom line in a contract negotiation by failing to erase comments on a draft contract sent to the other party. The potential consequences are serious for the client and attorney.
The opinions issued to date have focused on three topics with varying conclusions: the sender’s responsibility when transmitting electronic files; the recipient’s right to examine (or “mine”) files for metadata; and the recipient’s duty to notify the sender if sensitive data is discovered.
Jurisdictions that have examined metadata have agreed on one point: the sender’s responsibility. An attorney sending an electronic document has a duty to exercise reasonable care to avoid inadvertently disclosing confidential information. Exactly what constitutes reasonable care may vary depending upon the jurisdiction and situation. For example, the State Bar of Arizona’s Ethics Committee noted that what is “reasonable” may depend upon “the sensitivity of the information, the potential consequences of its inadvertent disclosure, whether further disclosure is restricted by statute, protective order, or confidentiality agreement, and any special instructions given by the client.” SBA Ethics Opinion 07-03.
Attorneys cannot use “technophobia” as an excuse for metadata missteps. According to the Colorado Bar Association Ethics Committee, attorneys cannot limit their duty “by remaining ignorant of technology relating to metadata or failing to obtain competent computer support.” CBA Ethics Opinion 119.
Recipient’s right to examine
Unfortunately, the opinions regarding the recipient’s duties are significantly less uniform. In the ABA, Maryland, and Vermont opinions, metadata mining generally is allowed. Colorado, Washington D.C., and West Virginia permit metadata mining unless the recipient has actual knowledge that the metadata was sent inadvertently.
In other jurisdictions, including New York and Maine, mining metadata is prohibited. In New York, the New York State Bar Association’s Committee on Professional Ethics based its decision prohibiting the mining of metadata in part on the “strong public policy in favor of protecting attorney-client confidentiality.” NYSBA Opinion 749. Finally, both Minnesota and Pennsylvania avoided a bright-line rule on metadata mining and decided that the determination is fact specific and will vary from case to case.
Recipient’s duty to notify
On the issue of notification, there is some consensus that a recipient who discovers sensitive information is required to notify the sender. In most cases, the jurisdictions rely on their local variation of ABA Model Rule of Professional Conduct 4.4(b), which states that an attorney “who receives a document relating to the representation of the lawyer’s client and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender.” One exception is Maryland, which does not require notice but does state that “the receiving attorney can, and probably should, communicate with his or her client concerning the pros and cons of whether to notify the sending attorney.” MSBA Ethics Docket 2007-09.
Though we may never achieve full consensus on metadata mining, there is agreement on the issue directly within your control: the level of care exercised when transmitting electronic documents. All attorneys who handle electronic files should educate themselves regarding the dangers of inadvertent transmission of metadata and implement procedures and/or software to prevent any such mishap.
Learn to use the built-in metadata removal tools in your software. For example, Microsoft OfficeTM 2007 includes a Document Inspector that thoroughly examines and eliminates metadata in Office documents. Converting documents to PDF will eliminate some—but not all—metadata. Attorneys handling large volumes of electronic documents should consider implementing a commercial metadata scrubber tool, such as Payne’s Metadata Assistant ( www.payneconsulting.com) or 3BView ( www.3bview.com).
By exercising appropriate caution when handling electronic documents and by staying current on new metadata developments, you can effectively limit the risks posed to you and your clients.
The ABA Legal Technology Resource Center maintains a comparison chart of all current metadata ethics opinions at www.lawtechnology.org/fyidocs/metadatachart.html.NEXT STEPS