This is the first of two columns on the subject of "metadata". This column will focus on metadata and maintaining client confidences. 1 The next column will speak to metadata in the e-discovery context
Metadata is commonly defined as "data about data". But unless you are already a little techno-savvy, that definition probably is not terribly helpful to you. Try this definition : metadata is data that is attached to a computer file that describes the file. Think of it as extra information that is hidden in a document, information that is automatically created and embedded in a computer file.
So, every time a document is created or amended in Microsoft Word, Excel or PowerPoint, data tracking the author, document changes, editing time, and other document properties are added to the document. Here is a shortened list of metadata Microsoft indicates on its website that may be stored in documents created in all versions of Word, Excel and PowerPoint:
- Track changes: Inserted or deleted text you thought was gone
- Hidden cells
- Your name
- Your initials
- Your email address
- Your company or organization's name
- The name of your computer
- The name of the network server or hard disk on which you saved the document
- The names of previous document authors
- Document revisions
- Document versions
- Template information
- Hidden text
- Routing information
Similar, although less, metadata exists within Corel WordPerfect files, and metadata security issues affect the documents created in most other software programs, as well.
Some metadata can easily be viewed within the program that has created a file. In most circumstances, hidden metadata can only be seen with special software. However, hidden metadata can become visible accidentally, for example, when a corrupted file is opened or when WordPerfect opens and improperly converts to a Word file.
The metadata remains present, but hidden, until you remove it or someone else extracts it.And therein lies the danger: the wrong eyes may see this metadata. If you have e-mailed a Word or WordPerfect document to either a client or opposing counsel, chances are high that you shared more information than you intended.
There are some high-profile examples where someone sending an electronic document forgot that hidden metadata exists: In March 2004, a plaintiff, SCO Group , the seller of UNIX and Linux software, was embarrassed when "hidden text" revealed a different defendant and different claims were originally part of the high-stakes litigation it was pursuing. In December 2005, the editors of the New England Journal of Medicine announced that they had turned on the "Track Changes" feature in a paper on the arthritis drug Vioxx that Merck submitted for publication in 2000. Seems that two days before submission, critical data on the drug's cardiac risks had been deleted from the manuscript.
Now that the Alabama State Bar has spoken to the issue of metadata, however, Alabama attorneys must actively guard against the exposure--accidental or deliberate--of metadata.The Office of the General Counsel issued a formal opinion (2007-02) on the disclosure and mining of metadata. In doing so, Alabama became one of only a handful of states to deal head-on with the metadata issue but also, embraced a view contrary to that of the American Bar Association.
According to Opinion Number 2007-02, "[l]awyers have a duty under Rule1.6 2 to use reasonable care when transmitting electronic documents to prevent the disclosure of metadata containing client confidences or secrets". The Opinion provides two examples where client confidences or secrets could be at risk. The first is where a motion is written by several of a firm's attorneys using the collaboration features found in Word and WordPerfect and the motion is then electronically transmitted to opposing counsel. As the Opinion states, "[i]f you failed to 'scrub' or remove the hidden metadata prior to transmission, the opposing party could mine the document's metadata and discover which attorneys reviewed the motion, the critiques about the viability or strength of certain arguments, and the subsequent revisions made to the document". The second example involves the use of templates. Attorneys commonly base a document or a filing on a previous document. The Opinion points out that if the document is later electronically transmitted to the opposing party, the opposing party could discover the original client's name and information. The Opinion states that the "disclosure of client identity and information could constitute a violation of Rule 1.6, Alabama Rules of Professional Conduct".
The second part of Opinion 2007-02 that deals with the obligations of the receiving attorney is far more controversial. The Alabama State Bar concludes that "[a]bsent express authorization from a court, it is ethically impermissible for an attorney to mine metadata from an electronic document he or she inadvertently or improperly receives from another party".
The Opinion defines "mining" the document as "the act of deliberately seeking out and viewing metadata embedded in a document". Then, the Opinion concludes that the unauthorized mining of metadata by an attorney to uncover confidential information would be a violation of Rule 8.4, Alabama Rules of Professional Conduct. 3
This opinion has the effect of making the burden to protect the confidences of a client on the receiving lawyer equal to that of the sending lawyer. In reaching this conclusion, the Alabama State Bar Office of General Counsel expressly relied upon N.Y. State Bar Opinion 749 of the New York State Bar. In Formal Opinion 749, the New York State Bar wrote that "in light of the strong public policy in favor of preserving confidentiality as the foundation of the lawyer-client relationship, use of technology to surreptitiously obtain information that may be protected by the attorney client privilege, the work product doctrine or that may otherwise constitute a 'secret' of another lawyer's client would violate the letter and spirit of these Disciplinary Rules". On that basis, Alabama State Bar Opinion 2007-02 states that "[t] he mining of metadata constitutes a knowing and deliberate attempt by the recipient attorney to acquire confidential and privileged information in order to obtain an unfair advantage against an opposing party".
The Opinion carves out an exception for the mining of metadata that involves electronic discovery. The Opinion recognizes recent court decisions that indicate "that parties may be sanctioned for failing to provide metadata along with electronic discovery submissions". The Opinion cautions attorneys to seek direction from the court as to the production of metadata during discovery.
1 This column is adapted from a paper the author delivered at the 2007 ALAJ Summer Seminar called "Metadata: What it is and Why You Should Care". The complete paper is available for download at http://www.mrblaw.com/.
2 See Rule 1.6 Alabama Rules of Professional Conduct, which provides that: "(a) A lawyer shall not reveal information elating to representation of a client unless the client consents after consultation, except for disclosures that are impliedly authorized in order to carry out the representation, and except as stated in paragraph (b)."
3 See Rule 8.4 Alabama Rules of Professional Conduct, which provides that it is misconduct for an attorney to, among other things: "(a) violate or attempt to violate the Rules of Professional Conduct, knowingly assist or induce another to do so, or do so through the acts of another; (b) commit a criminal act that reflects adversely on the lawyer's honesty, trustworthiness or fitness as a lawyer in other respects; ( c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation; (d) engage in conduct that is prejudicial to the administration of justice;".