ETHICS AND THE USE OF METADATA IN LITIGATION AND LAW PRACTICE
First Run Broadcast: May 8, 2013
1:00 p.m. E.T./12:00 p.m. C.T./11:00 a.m. M.T./10:00 a.m. P.T. (60 minutes)
Most electronic files contain unseen information about when and how they were created, and
how they were edited over time. In legal documents –pleadings, briefs, letters and even email –
this information can be highly sensitive, revealing confidential information such as the true
nature of a client’s position, its negotiating strategy, or otherwise unknown or misrepresented
facts. Discovery of this information by an adversary can be both highly damaging to a client’s
case and may constitute an ethical breach by a lawyer. In the same way, if you discover this
information in an adversary’s documents, it may greatly aid your client’s case. But this area is
fraught with significant ethical issues. This program will provide you with a guide to ethical
issues in shielding your client’s metadata from disclosure and using the metadata you find in an
adversary’s documents.
Ethical issues in your protecting your client’s metadata and in using the metadata of
adversaries
Duties of competency, confidentiality, zealous representation, and preserving the
attorney-client privilege
Are attorneys required to find and destroy their clients’ metadata?
Can attorneys ethically look for metadata in the electronic files sent to them by an
adversary and use it?
Metadata issues in the creation and exchange of email
Best practices to avoid ethical liability and adverse outcomes in a case
Speaker:
Elizabeth Treubert Simon is of counsel in the Washington, D.C. office of Vorys, Sater,
Seymour and Pease LLP, where the primary focus of her practice is the defense of attorneys and
other professionals, trademark and copyright infringement litigation, and insurance coverage
litigation. She also provides counsel to insurers regarding insurance coverage and counsels
clients regarding professional ethics and attorney disciplinary procedures. Ms. Simon is a
member of the Committee on Professional Discipline of the New York State Bar Association.
She received her B.A. and M.S. from the University of Pennsylvania and her J.D. from Albany
Law School.
VT Bar Association Continuing Legal Education Registration Form
Please complete all of the requested information, print this application, and fax with credit info or mail it with payment to: Vermont Bar Association, PO Box 100, Montpelier, VT 05601-0100. Fax: (802) 223-1573 PLEASE USE ONE REGISTRATION FORM PER PERSON. First Name: _____________________ Middle Initial: _____Last Name: __________________________
Firm/Organization:____________________________________________________________________
Address:___________________________________________________________________________
City:__________________________________ State: _________ ZIP Code: ______________
Phone #:________________________ Fax #:________________________
E-Mail Address: ____________________________________________________________________
I will be attending:
Ethics and the Use of Metadata in Litigation and Law Practice
Teleseminar May 8, 2013
Early Registration Discount By 05/01/13 Registrations Received After 05/01/13
VBA Members: $70.00 Non VBA Members/Atty: $80.00
VBA Members: $80.00 Non-VBA Members/Atty: $90.00
NO REFUNDS AFTER May 1, 2013
PLEASE NOTE: Due to New Hampshire Bar regulations, teleseminars cannot be used for New Hampshire CLE credit
PAYMENT METHOD:
Check enclosed (made payable to Vermont Bar Association): $________________ Credit Card (American Express, Discover, MasterCard or VISA) Credit Card # ________________________________________Exp. Date_______ Cardholder: ________________________________________________________
Vermont Bar Association
CERTIFICATE OF ATTENDANCE
Please note: This form is for your records in the event you are audited Sponsor: Vermont Bar Association Date: May 8, 2013 Seminar Title: Ethics and the Use of Metadata in Litigation and Law Practice Location: Teleseminar Credits: 1.0 Ethics MCLE Luncheon addresses, business meetings, receptions are not to be included in the computation of credit. This form denotes full attendance. If you arrive late or leave prior to the program ending time, it is your responsibility to adjust CLE hours accordingly.
ETHICS OF METADATA
Professional Education Broadcast Network
Continuing Legal Education Webcast
May 8, 2013
Elizabeth Treubert Simon
E-mail: [email protected]
Telephone: (202) 467-8879
Facsimile: (202) 533-9074
Vorys, Sater, Seymour and Pease LLP
1909 K Street, NW
Suite 900
Washington, D.C. 20006-1152
(202) 467-8800 (Telephone)
www.vorys.com
2
INTRODUCTION
Metadata is everywhere in the everyday practice of law. When creating documents,
editing documents, and handling electronic records, attorneys create, modify and destroy
metadata. Each of these events brings with it some measure of risk. As the practice of law
becomes more technology driven, understanding metadata, and the ethics of metadata, are
essential for all attorneys, regardless of their level of technological proficiency.
A. WHAT IS METADATA?
“Metadata” is comprised of many different elements. Metadata, commonly described as
“data about data,” is defined as information describing the history, tracking or management of an
electronic document. Williams v. Sprint/United Mgmt. Co., 230 F.R.D. 640 (D. Kan. 2005).
Metadata is embedded information contained in electronic documents that contains information
about the background and demographics of a given file. Metadata may reveal who worked on a
document, the name of the organization that created or worked on it, information about prior
document versions, recent revisions, and comments inserted in the document during drafting or
editing. ABA/BNA Lawyers‟ Manual on Professional Conduct, 21 Current Rep. 39 (2004). The
hidden text may reflect editorial comments, strategy considerations, legal issues raised by the
client or the attorney, or legal advice provided by the attorney. Id.
The Sedona Guidelines and Commentary for Managing Information in the Electronic
Age (Second Ed. 2007) notes that metadata includes information about a particular data set that
describes how, when and by whom the data was collected, created, accessed or modified and
how it is formatted (including information such as size, location, storage requirements and media
information.
3
The Sedona Conference Commentary on Ethics & Metadata (March 2012) identifies
several types of metadata. Among the different types of metadata are:
(1) Application metadata – application metadata is created as a function of the application
software used to crated the document, including display information (such as fonts, spacing size
and color) and reflecting modification of the document. It is embedded information that moves
with the document when it is moved or copied;
(2) System metadata – system metadata includes information created by the user or the
user‟s information management system, such as tracking the title of a document, the user
identification of the creating computer and other profile information. It is generally not
embedded, but stored externally on the information management system; and,
(3) Embedded metadata – embedded metadata consists of text, numbers, content, data
and other information that is directly or indirectly inputted into a native file by a user and which
is not typically visible to the user viewing the output display of the native file. Examples would
be spreadsheet formulas, hyperlinks and database information.
Much of the metadata contained in a document is irrelevant, such as spelling corrections;
however, as this paper discusses, much of the information that can be found in a document could
be very damaging if it was shared with opposing counsel. Metadata could reveal legal strategy,
settlement strategy, defense theories, attorney work product or attorney-client communications.
Many word processing programs allow the tracking of changes within a document.
Tracking changes allows for finding additions and deletions to documents, including comments
that might have been added by reviewers and editors. Through the use of metadata, even deleted
changes can be found simply by clicking on an icon or by changing the settings within the word
processing program.
4
There are potentially hundreds of distinct fields of metadata, with each field supplying
unique information about a file. Documents are often worked on collaboratively within practice
groups or offices, thereby increasing the metadata in a given document. Clients review
documents and send comments and changes in redline. Those comments become embedded in
your electronic documents and, without precautions, could expose you to significant liability if
your opposing counsel was able to obtain that confidential information.
The risks of failing to take proper precautions to prevent the transmission of metadata can
be costly to your clients. In the Vioxx litigation, metadata revealed that the manufacturer,
Merck, edited out negative information from a drug study. See, e.g., Robert Langreth and
Matthew Herper, Merck‟s Deleted Data, Forbes.com (Dec. 8, 2005).1 The article notes that
hovering the cursor over the changes in the study identified the editor as “Merck.”
B. APPLICABLE ABA MODEL RULES
ABA Model Rule 1.1 address the lawyer‟s obligation of competence. Model Rule 1.1
states, in relevant part: [a] lawyer shall provide competent representation to a client. Competent
representation requires the legal knowledge, skill, thoroughness and preparation reasonably
necessary for the representation.
ABA Model Rule 1.3 addresses the lawyer‟s obligation of diligence. Model Rule 1.3
states, in relevant part: [a] lawyer shall act with reasonable diligence and promptness in
representing a client.
ABA Model Rule 1.6 addresses the lawyer‟s obligation to maintain the confidentiality of
information. Model Rule 1.6 states, in relevant part: (a) A lawyer shall not reveal information
relating to the representation of a client unless the client gives informed consent, the disclosure is
1 http://www.forbes.com/2005/12/08/merck-vioxx-lawsuits_cx_mh_1208vioxx.html.
5
impliedly authorized in order to carry out the representation or the disclosure is permitted by
paragraph (b). Paragraph (b) sets forth exceptions to the duty to maintain confidentiality.
Paragraph (c) sets forth the obligation that [a] lawyer shall make reasonable efforts to prevent the
inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the
representation of a client.
ABA Model Rule 4.4 sets forth a lawyer‟s obligations of respect for the rights of third
persons. Model Rule 4.4(a) states that:
(a) In representing a client, a lawyer shall not use means that have no substantial
purpose other than to embarrass, delay, or burden a third person, or use methods
of obtaining evidence that violate the legal rights of such a person.
(b) A lawyer who receives a document or electronically stored information
relating to the representation of the lawyer's client and knows or reasonably
should know that the document or electronically stored information was
inadvertently sent shall promptly notify the sender.
Model Rule 4.4(b) reflects revisions made in response to the ABA‟s Ethics 20/20 review
of the Model Rules. The commentary to Model Rule 4.4 has recently been updated to address
issues relevant to metadata and electronic discovery. Comment 2 to Model Rule 4.4 notes that
Rule 4.4(b) addresses the issue of inadvertent production. The Rule applies to the accidental
inclusion of protected information in a document or electronically stored information found in
transmissions of information that were intentionally sent. The commentary notes that, for
purposes of Rule 4.4, „„document or electronically stored information‟‟ includes, in addition to
paper documents, email and other forms of electronically stored information, including
embedded data (commonly referred to as “metadata”), that is subject to being read or put into
readable form.
Generally, metadata in electronic documents creates obligations under Rule 4.4 only if
the receiving attorney knows or reasonably should know that the metadata was inadvertently sent
6
to the receiving attorney. Finally, Comment 3 to Rule 4.4 recognizes that some attorneys may
choose to return a document or delete electronically stored information unread and that the
decision to voluntarily return such a document or delete electronically stored information is a
matter of professional judgment ordinarily reserved to the attorney. See Model Rules 1.2 and
1.4.
There is no uniformity among the states with regard to how metadata is treated and the
ethical obligations of attorneys in dealing with issues of metadata. Some states, like Maryland,
do not have an equivalent to Rule 4.4(b). Further complicating the metadata issue is the fact that
the ethics of metadata differ, depending on the situation the attorney is dealing with. For
example, the obligations of an attorney with regard to metadata in discovery are different than
the obligations of an attorney in everyday communications with other attorneys or third parties.
The issues of metadata in the discovery context are addressed briefly in this paper, but it should
be noted that some ethics opinions, like District of Columbia Ethics Opinion 341, note that ethics
rules may prohibit the removal of metadata during the production of electronic discovery. The
District of Columbia Bar stated that “in view of the obligations of a sending lawyer in providing
electronic documents in response to a discovery request or subpoena, a receiving lawyer is
generally justified in assuming that metadata was provided intentionally.” D.C. Bar Legal Ethics
Op. 341. However, even in the discovery context, a D.C. attorney receiving documents must still
comply with Rule 4.4(b) if there is actual knowledge that metadata containing protected
information has been inadvertently included in the production. The D.C. version of Rule 4.4(b)
is more expansive than the ABA Model Rule. Unlike the ABA Model Rules, the District of
Columbia Rules prohibit the review of an inadvertently transmitted writing if the attorney knows,
before examining the writing, that it has been inadvertently sent.
7
C. ETHICAL ISSUES
1. Ethical issues in your protecting your client’s metadata and in using the metadata of
adversaries
Just as the rules and procedures applicable to electronic discovery have evolved greatly in
recent years, so too have the obligations of attorneys with regard to everyday communications
and information exchanges. The ABA and various state bars have issued opinions addressing the
ethics of metadata and the ethical obligations of attorneys dealing with metadata.
The jurisdictions that have issued opinions regarding metadata uniformly require that the
attorney transmitting the information use reasonable care to not knowingly reveal confidential or
privileged client information and to guard against the disclosure of metadata that might contain
such confidential information. However, to date, most jurisdictions have not addressed the issue
of the ethics of metadata.
Those states that have issued opinions addressing the ethical duties as to metadata can be
grouped into three main categories. The first category are the states that allow attorneys to
access the metadata located in received documents. These states, including Colorado, Maryland,
Minnesota, Vermont and Washington, follow the ABA view, which allows access to metadata.
These jurisdictions place the burden on the sending or delivering attorney to address metadata
disclosure issues. Oregon allows for the access of metadata, but requires that the receiving
attorney notify the sender if he or she knows that the metadata was inadvertently included in the
document.
The next category of states, including Alabama, Arizona, Florida, Maine, New
Hampshire, New York, and North Carolina prohibit access to metadata. The rationale is avoid
damage to the confidentiality of the attorney-client relationship and the likelihood of
inadvertently produced confidential or privileged information.
8
The final category are the jurisdictions that prohibit access depending on the
circumstances. Washington, D.C. and West Virginia prohibit the access to metadata when the
attorney has actual knowledge that the metadata was inadvertently sent. Pennsylvania reviews
metadata issues on a case by case basis.
The one thing that every state that has looked at the issue of metadata agrees upon is that
the sending attorney is responsible for what he or she sends. An attorney is held to a duty to
exercise reasonable care to avoid inadvertently disclosing confidential information. However, as
discussed below, exactly what constitutes reasonable care varies by jurisdiction and situation.
For example, Arizona holds that that reasonableness depends upon the sensitivity of the
information, the potential consequences of its inadvertent disclosure, whether further disclosure
is restricted by statute, protective order or confidentiality agreement, and any special instructions
given by the client. State Bar of Arizona Ethics Op. 07-03.
Attorneys cannot hide behind a lack of knowledge of the applicable and appropriate
technology. Several states have explicitly held that the duty of competency, as set out in Model
Rule 1.1 (and the various state equivalents to Rule 1.1) now encompasses having the
technological understanding of the technology related to metadata and/or the attorney availing
himself of adequate technology and computer support.
2. Are attorneys required to find and destroy their clients’ metadata?
a. ABA View
The ABA imposes no explicit duty regarding metadata, but notes that attorneys
concerned with the possibility of “sending, producing, or providing” opposing counsel with
documents that may contain metadata can take advantage of any of a number of methods for
eliminating metadata from documents. A lawyer‟s general duty of protecting the confidentiality
9
of client information under Rule 1.6 likely still apply to metadata. Attorneys who are concerned
about sending or providing a document that contains or may contain metadata may be able to
limit the likelihood of transmission by scrubbing metadata from documents or sending a different
version of the document without the embedded information.
b. State Views
The views among the states regarding the duties of an attorney when sending metadata
vary widely. This paper provides a non-exhaustive view of the varying, and often conflicting
positions taken in various state ethics opinions.
Alabama states that an attorney has an ethical duty to exercise reasonable case when
transmitting electronic documents to ensure that he or she does not disclose his or her client‟s
secrets and confidences. Ala. St. Bar Office of Gen. Counsel Formal Op. 2007-02. The
following factors are relevant to determining whether reasonable care was shown: (1) the steps
taken by the attorney to prevent the disclosure of metadata; (2) the nature and scope of the
metadata revealed; (3) the subject matter of the document; and, (4) the intended recipient. Id.
Arizona imposes a duty of reasonable care on its attorneys. Arizona‟s commentary to
Rule 1.6 provides that “when transmitting a communication that includes information relating to
the representation of a client, the attorney must take reasonable precautions to prevent the
information from coming into the hands of unintended recipients.” St. Bar of Ariz. Ethics
Comm. Op. 07-03. Reasonableness is determined by the sensitivity of the information, the
potential consequences of its inadvertent disclosure, whether further disclosure is restricted by
statute, protective order or confidentiality agreement and any special instructions given by the
client. Id. Attorneys must take reasonable care not to violate any duty of disclosure to which the
attorney or the client is subject. Id.
10
Colorado imposes a duty of reasonable care on its attorneys, requiring that the sending
attorney use reasonable care to ensure that metadata containing confidential information is not
disclosed to third parties. Colorado Bar Assn. Ethics Comm. Opinion 119. The sending attorney
cannot avoid the duty of reasonable care by remaining ignorant of technology relating to
metadata or failing to obtain competent computer support. Id.
The Florida Bar Ethics Department has stated that it is the sending attorney‟s obligation
to take reasonable steps to safeguard the confidentiality of all communications sent by electronic
means to other attorneys and third parties and to protect from other attorneys and third parties all
confidential information, including that information found in metadata, that may be included in
electronic communications. Ethics Opinion 06-02.
Maine imposes an ethical duty to use reasonable care when transmitting electronic
documents in order to prevent the disclosure of metadata containing confidential information.
Maine Bd. of Overseers of the Bar Prof. Ethics Comm. Op. 196. The duty requires the attorney
to apply a basic understanding of the existence of metadata embedded in electronic documents,
the features of the software used by attorneys to generate documents and the practical measures
that may be taken to remove metadata from documents in order to prevent the disclosure of
confidential information. Id.
Maryland holds that, absent an agreement with the other parties, the sending attorney has
an ethical obligation to take reasonable measures to avoid the disclosure of confidential or work
product materials imbedded in electronic discovery. Maryland State Bar Assn. Committee on
Ethics, Ethics Docket 2007-09. The Committee notes, however, not every inadvertent disclosure
of privileged or work product material would constitute a violation of Rule 1.1 and/or Rule 1.6
because each case is evaluated based on the applicable facts and circumstances. Id.
11
Minnesota‟s Lawyers Professional Responsibility Board Ethics Op. 22 (March 26, 2010)
notes that a lawyer has a duty not to knowingly reveal information relating to the representation
of a client, except as otherwise provided by the Rules. Attorneys also have a duty to act
competently to safeguard information relating to the representation of a client to avoid
inadvertent or unauthorized disclosure. Id. The attorney‟s duties with respect to such
information extend to and include addressing the issue of metadata in electronic documents. Id.
A lawyer is ethically required to act competently to avoid the improper disclosure of confidential
and privileged information in metadata in electronic documents. Id. The Board, in its Opinion
22, stated that a lawyer‟s duty of competence under Rule 1.1 required that attorney‟s understand
the following about metadata:
(1) that metadata is created in electronic documents;
(2) that the transmission of electronic documents includes metadata;
(3) that recipients may be able to access the metadata; and,
(4) that steps can be taken to prevent or minimize the transmission of metadata.
Id.
The New Hampshire Bar Association‟s Ethics Committee has held that a sending
attorney who transmits electronic documents or files has a duty to use reasonable care to guard
against disclosure of metadata that might contain confidential communications. Opinion 2008-
2009/4. The New Hampshire Committee, consistent with many other states, notes that what
constitutes reasonable care will depend upon the facts and circumstances. Id. There is no per se
rule in New Hampshire on the transmission of metadata.
The New York State Bar Association‟s Committee on Professional Ethics has stated that
an attorney who uses technology to communicate with clients must use reasonable care with
12
respect to such communications, and must assess the risks attendant in the use of that technology
and must determine if the mode of transmission is appropriate under the circumstances. Opinion
782. Again, what is reasonable will vary with the circumstances. Id. On the issue of metadata,
the Committee stated that attorneys have an obligation to use reasonable care when transmitting
documents by e-mail to prevent the disclosure of metadata containing client confidences or
secrets. Id.
The North Carolina State Bar, in its Formal Ethics Opinion 1 (January 15, 2010) has
stated that the professional obligation to use reasonable care to protect and preserve confidential
information extends to the use of communications technology. However, while an attorney is
not obligated to use only “infallibly” secure methods of communication, a lawyer must take steps
to minimize the risks that confidential information may be disclosed in a communication. Id.
Regarding metadata, lawyers should exercise reasonable care to avoid inadvertently disclosing
information in an electronic communication. Id. As in most other states, what is reasonable
depends on the circumstances, including the steps the lawyer takes to avoid the disclosure of
metadata. Id.
In Oregon, Formal Opinion 2011-187, approved by the Board of Governors in November
2011, notes that competent representation and protecting the confidences of a client to protect its
information extends to electronic information. Information relating to the representation of a
client may include metadata in a document. Id. Taken together, Rules 1.1 and 1.6 indicate that a
lawyer is responsible for acting competently to safeguard information relating to the
representation of a client contained in communications with others. Id. Competency in relation
to metadata requires that an attorney using electronic media for communication to maintain at
13
least a basic understanding of the technology and risks of revealing metadata or to obtain and
utilize adequate technology support. Id.
In Pennsylvania, the Bar Association Committee on Legal Ethics and Professional
Responsibility stated, in its Opinion 2009-100, that the Pennsylvania Rules of Professional
Conduct require that the responsibility of keeping client confidences is primarily imposed upon
the sending attorney. Accordingly, the transmitting attorney has a duty of reasonable care to
remove metadata from electronic documents before sending the documents to a third party. Id.
The Vermont Bar Association Professional Responsibility Section, in its Opinion 2009-1,
stated that, based upon the language in its Rules of Professional Conduct, an attorney has the
duty to exercise reasonable care to ensure that confidential information that is protected by the
attorney client privilege and/or the work product doctrine is not disclosed. This duty extends to
all forms of information handled by attorneys, including documents that are transmitted
electronically to opposing counsel that may contain metadata embedded in the electronic file.
Op. 2009-1.
The Washington State Bar Association, in its Advisory Opinion 2216 (2012), has stated
that a lawyer has a duty to act competently to protect confidential information that may be
reflected in a documents metadata against inadvertent or unauthorized disclosure, including
making reasonable efforts to “scrub” metadata reflecting any personal information from a
document before sending it to another attorney.
In Washington, D.C., the Bar‟s Legal Ethics Committee has held that, outside of a
discovery/subpoena context, lawyers who are transmitting documents have an obligation under
the Rules to take reasonable steps to maintain the confidentiality of documents in their
possession. D.C. Opinion 341. This duty includes taking care to avoid providing electronic
14
documents that inadvertently contain accessible information that is either a confidence of a secret
and to employ reasonably available technical means to remove such metadata before sending the
document. Id.
West Virginia Bar Association Lawyer Disciplinary Board, Legal Ethics Opinion 2009-
01, sets forth that a lawyer‟s duties under Rule 1.1 and Rule 1.6 includes taking care to avoid the
provision of electronic documents that inadvertently contain accessible information that is either
confidential or privileged, and to employ reasonable means to remove such metadata before
sending the document. L.E.O. 2009-01. Lawyers must either acquire an understanding of the
software that they use or must ensure that their office employs safeguards to minimize the risk of
inadvertent disclosures. Id.
Wisconsin‟s State Bar Professional Ethics Committee, in Opinion EF-12-01, stated that
an attorney‟s duty is to act competently in transmitting documents related to the representation of
clients. A lawyer is obligated to stay reasonably informed about the types of metadata included
in electronic documents and must take steps, when necessary, to remove the metadata. Id. The
Bar imposes a duty of reasonable care. Id. What constitutes reasonable precautions varies by the
case circumstances and the evaluation of a variety of considerations. Id.
3. Can attorneys ethically look for metadata in the electronic files sent to them by an
adversary and use it? Is there a duty of notification?
Looking for metadata in electronic documents is commonly referred to as mining. Even if
the changes to a document are hidden, these changes can often easily be located by clicking
within a document, using the “un-delete” function, changing program settings or holding the
cursor over a location in the document. In addition to these “easy” ways of finding metadata, the
same programs that are used to remove metadata from documents can be used to search
documents for this hidden information.
15
There are differing views across the states with regard to an attorney‟s right to look for
metadata in documents that are sent to them by an adversary. Even in states that allow an
attorney to mine for metadata, there are often restrictions imposed on the use of such data. Still
other states do not allow an attorney to use technology that is designed to thwart an attorney‟s
attempt to scrub his document of data, in other words, while mining for data left in a document
may be ok, it is generally not ok to use a program that puts back metadata that an attorney
actually removed from a document before sending it. Several of the states that prohibit data
mining have likened the practice of looking for metadata in an opponent‟s documents to
dishonest conduct and/or intentional conduct interfering in the attorney-client relationship
between a third party and its counsel.
a. ABA View
ABA Formal Opinion 06-442 states that the ABA Model Rules do not specifically
prohibit a lawyer‟s reviewing and using embedded information in electronic documents, whether
received from an opposing counsel, an adverse party or the party‟s agent. ABA Formal Opinion
06-442 (Aug. 6. 2006). The ABA Standing Committee on Ethics and Professional
Responsibility believes that data mining is permissible. ABA Formal Op. 06-442. However, if
the lawyer knows or reasonably should know that the transmission was inadvertent, then the
lawyer needs to notify the sending attorney. ABA Formal Op. 05-437. ABA Formal Opinion
05-437 notes the provisions of Rule 4.4, which require that an attorney is obligated to provide
notice to the sender of a document relating to the representation of the lawyer‟s client when the
attorney knows or reasonably should know that the document was inadvertently sent. While
Model Rule 4.4(b) obligates the receiving attorney to notify the sender of the inadvertent
transmission, it does not require the receiving attorney to refrain from examining the material or
16
to abide by the instructions of the sending attorney with regard to the document. ABA Formal
Op. 05-437.
b. State Views
In Alabama, a lawyer receiving communications has an ethical obligation to refrain from
mining from an electronic document. Formal Op. 2007-02. The State Bar Commission has held
that the mining of metadata constitutes a knowing and deliberate attempt by a recipient attorney
to acquire confidential and privileged information in order to obtain an unfair advantage against
an opposing party. Id.
Similarly, Arizona does not permit the mining of metadata. In Ethics Opinion 2007-03,
the Ethics Committee stated that lawyers should refrain from conduct that amounts to an
unjustified intrusion into the lawyer-client relationship that exists between the opposing party
and its counsel. Id. Moreover, a lawyer who receives an electronic communication may not
examine it for the purpose of discovering embedded metadata. Id. However, because metadata
may be discovered through inadvertent or relatively innocent means, the Arizona Ethics
Committee did not extend its prohibition on mining data to mean that all activities necessarily
rise to the level of an ethical concern. Id. If an attorney discovers metadata, by any means, and
knows or reasonably should know that the sender did not intend to transmit the information, then
the attorney has a duty to follow the requirements of Rule 4.4(b). Id. Arizona Rule 4.4(b)
requires the prompt notification of the sender and requires the attorney to preserve the status quo
for a reasonable period of time to allow the sender to take protective measures. Id.
In Colorado, an attorney may mine for metadata, unless the sender notifies the recipient
of the inadvertent transmission of confidential information, before the recipient views the
metadata. Ethics Op. 119. In such an instance, the attorney may not examine the metadata and
17
must abide by the sending attorney‟s instructions regarding the disposition of the metadata. Id.
Generally, however, the receiving attorney may ethically search for and review metadata that is
embedded in an electronic document. Id. Colorado‟s permissive scheme is limited, however. If
the receiving attorney knows or reasonably should know that the sending party has transmitted
metadata containing confidential information, then the receiving attorney should assume that the
information was transmitted inadvertently, unless the receiving attorney knows that
confidentiality has been waived. Id. Absent knowledge of a waiver, if the metadata contains
confidential information, then the recipient must promptly notify the sending party of the receipt
of the information. Id.
Florida does not permit the mining of metadata. In Ethics Opinion 06-02, the Florida Bar
Ethics Department stated that it is the recipient lawyer‟s obligation not to try to obtain
information from metadata relating to the representation of the sender‟s client that the recipient
knows or should know is not intended for the recipient. Id. If the recipient attorney
inadvertently obtains information from metadata that the recipient knows or should know was
not intended for the recipient, the lawyer must promptly notify the sender. Id.
In Maine, an attorney may not ethically take steps to uncover metadata that is embedded
in an electronic document sent by counsel for another party. Opinion 196. This prohibition
extends to all information that is legally confidential and is or should be reasonably known to
have been unintentionally communicated. Id. Maine has not articulated an opinion with regard
to an obligation to notify the other side of the receipt of metadata, but has referenced Florida‟s
rule, which includes the requirement that the attorney notify the sender of inadvertently
transmitted metadata. Id.
18
In contrast, Maryland allows the mining of metadata, subject to any legal standards or
requirements. Maryland Ethics Docket No. 2007-09. The Maryland Committee on Ethics
believed that there was no ethical violation if the recipient attorney (or those working under the
attorney‟s direction) reviewed or made use of the metadata without first determining whether the
sender intended to include such metadata. Of note is the fact that Maryland‟s Rules of
Professional Conduct do not include ABA Model Rule 4.4(b). Thus, Maryland does not require
the receiving attorney to notify the sending attorney that there may have been an inadvertent
transmission of privileged or otherwise protected materials. Id. Nevertheless, the Committee
notes that the receiving attorney can, and probably should, communicate with his or her own
client regarding the pros and cons of whether to notify the sending attorney and/or to take other
appropriate action. Id.
In Minnesota, the question of whether an attorney can mine for metadata is fact specific.
In the Lawyers Professional Responsibility Board Opinion No. 22, the Board noted that the
opinion was not meant to suggest that there is an ethical obligation for a receiving attorney to
look or not look for metadata in an electronic document. Rather, the questions of whether and
when a lawyer may be advised to look or not look for metadata was considered beyond the scope
of the Board‟s opinion. Id. However, despite these statements, Minnesota attorneys are required
under Rule 4.4(b) to promptly notify the document‟s sender if the lawyer receives a document
that he knows, or reasonably should know, inadvertently contains confidential or privileged
metadata. Op. No. 22.
In New Hampshire, mining for metadata is not permitted. The Ethics Committee
Opinion 2008-2009/04 applies an objective standard and holds that the receipt of confidential
information through metadata is the result of inadvertence. Thus, Rule 4.4(b) imposes an
19
obligation on the receiving lawyer to refrain from reviewing the metadata. Id. Moreover, to the
extent that the metadata is unintentionally reviewed, receiving lawyers should abide by the
directives set forth in Rule 4.4(b). Id. New Hampshire Rule 4.4(b) requires that when an
attorney knows that the material was inadvertently sent, the sender must be promptly notified
and the receiver may not review the materials. Id. The receiving attorney shall abide by the
sender‟s instructions or shall seek the determination of a tribunal regarding what to do with the
documents. Id.
In New York, mining for metadata is not permitted. New York State Bar Association
Committee on Professional Ethics Opinion 782. The Committee held that the strong public
policy in favor of preserving confidentiality prohibited the use of technology to obtain
information that may be protected by the attorney-client privilege, the work product doctrine or,
may otherwise constitute a secret of another lawyer‟s client. Id. Such use would violate the
letter and spirit of the disciplinary rules. Id. The Association of the Bar of the City of New
York‟s Committee on Professional and Judicial Ethics, in Formal Opinion 2003-04, held that an
attorney who receives a communication and is exposed to its contents prior to knowing or having
reason to know that the communication was misdirected is not barred, at least by ethics rules,
from using the information. However, the receiving attorney is ethically obligated to promptly
notify the sending attorney of the inadvertent disclosure in order to give the sending attorney a
reasonable opportunity to take whatever steps necessary to prevent further disclosure. ABCNY
Formal Op. 2003-04.
In North Carolina, attorneys cannot search for confidential information embedded in the
metadata of an electronic communication from another party of a lawyer for another party.
North Carolina State Bar 2009 Formal Ethics Op. 1 (Jan. 15, 2010). In doing so, a lawyer
20
interferes with the client-lawyer relationship of another lawyer and undermines the
confidentiality that it is the bedrock of such a relationship in violation of Rule 1.6. Id. If an
attorney unintentionally views confidential information within metadata, the lawyer must notify
the sender and may not subsequently use the information revealed without the consent of the
other lawyer or party. Id. The lawyer does not have to return the document. Id. The North
Carolina Bar recognized that metadata can contain confidential information even if the sending
attorney takes steps to properly scrub a document. Id.
In Oregon, an attorney who receives a document containing metadata can reasonably
conclude that the metadata was left in intentionally. Formal Opinion 2011-187, citing
Goldsborough v. Eagle Crest Partners, 314 Or. 336 (1992). The Goldsborough court held that,
in the absence of evidence to the contrary, an inference may be drawn that a lawyer who
voluntarily turns over privileged material during discovery acts within the scope of the lawyer‟s
authority from the client and with the client‟s consent. If the receiving lawyer knows or
reasonably should know that metadata was inadvertently included in the document, then Oregon
Rule 4.4(b) requires notice to the sender, but does not require the return of the document.
Formal Op. 2011-187.
The Pennsylvania Committee on Legal Ethics has not taken a definitive position on the
issue of the mining of metadata. Rather, the Committee has suggested that an attorney must
decide whether to use metadata on a case by case basis, considering their duties to the client
under the rules. Those duties must be evaluated in light of substantive and procedural law.
Pennsylvania Formal Opinion 2009-100. In determining whether he or she can use the
information as a matter of substantive law, the attorney must consider the potential effect of the
use of the data on the client‟s matter, and the attorney should advise and consult with the client
21
about the appropriate course of action under the circumstances. Id. However, it is the law in
Pennsylvania that an attorney who receives inadvertently disclosed documents has an ethical
obligation to notify the sender of the receipt of the comments containing the metadata. Formal
Opinion 2009-100.
In Vermont, attorneys can mine for metadata. The Vermont Bar Association Professional
Responsibility Section stated that is was aware of nothing that would compel the conclusion that
a lawyer would be ethically prohibited from reviewing an electronic file from opposing counsel.
Ethics Opinion 2009-1. That review can include using tools to expose the file‟s content,
including metadata. Id. The opinion did not address whether inadvertent disclosure via metadata
would constitute a waiver of the document‟s privileged status. Id. Under Vermont Rule of
Professional Conduct 4.4(b), Vermont lawyers are obliged to notify opposing counsel if they
receive documents that they know or reasonably should know were inadvertently disclosed. Id.
In Washington State, lawyers may review readily accessible metadata that is transmitted
by an opposing counsel in an electronic document, but may not use sophisticated forensic
software to extract metadata from a “scrubbed” document. Washington State Bar Assn. Rules of
Prof. Conduct Comm., Informal Op. 2216 (2012).
In Washington, D.C., an attorney may not mine for metadata is he or she has actual
knowledge that the metadata was sent inadvertently. Ethics Opinion 341. The ethics committee
stated that, notwithstanding the negligence or ethical lapse of the sender, the receiving lawyer‟s
duty of honesty requires that he refrain from reviewing the metadata until he has consulted with
the sending lawyer to determine whether the metadata includes privileged or confidential
information. Id. If such information is present, then the receiving lawyer should comply with
the instruction of the sender. Id. The Committee further specified that a receiving attorney has
22
actual knowledge if he is told by the sending lawyer of the inadvertent disclosure before
reviewing the document or if the receiving lawyer immediately notices upon review of the
metadata that it is clear that protected information was unintentionally included. Id. An attorney
has an obligation to notify the sending attorney if the recipient has actual knowledge that the
transmission of the metadata was inadvertent. Id. If the recipient is unsure whether or not the
sender intended to include the particular information, the sending attorney should be contacted to
inquire. Id.
In West Virginia, the mining of metadata is not permitted if the receiving attorney has
actual knowledge that the metadata was sent inadvertently. L.E.O. 2009-1. If the receiving
attorney has actual knowledge that the metadata was inadvertently sent, then the lawyer should
not review the metadata and should consult with the sending attorney to determine whether or
not the metadata contains work product confidences. Id. If the attorneys cannot agree on how to
handle the matter, either attorney could seek a ruling for a court or other tribunal on the issue.
Id. However, if it is unclear whether or not the disclosure was inadvertent, then the Board
considered it “safer” to notify the sender before searching electronic documents for metadata. Id.
Attorneys should be cautioned, however, that while the Opinion states that an attorney must have
“actual knowledge” that the transmission was inadvertent, the Opinion also implies that the
receiving attorney should presume that the sending was inadvertent. Id. Thus, it would appear
that a better course of action when practicing in West Virginia may be to err on the side of
caution and assume that the production was inadvertent. Id.
In Wisconsin, the mining of metadata is permitted. State Bar Professional Ethics Comm.
Opinion EF-12-01. However, if any attorney discovers information of “material significance,”
23
then the attorney should assume that the disclosure was inadvertent and must notify the sender.
Id.
**
In those states where an attorney may, but is not obligated to, return documents that
inadvertently contain metadata, it may be advisable to discuss with the client the pros and cons
of returning or keeping the documents. While the decision whether to return the document may
be considered a decision to be made by the attorney, consistent with the appropriate ethical
considerations, the client should be kept informed regarding such developments during the
course of the representation.
These inconsistencies between the various state ethics opinions could lead to inter-
jurisdictional conflicts. For example, an attorney in Arizona may not mine for metadata in a
document received from an opposing counsel in Colorado, but the Colorado attorney can mine
for metadata in the Arizona attorney‟s documents and may be expected to do so. An attorney
admitted in multiple jurisdictions would be properly cautioned to be mindful of the potential
implications of his conduct regarding metadata because what is allowed in one state, may be
considered a serious ethical violation in another state. For example, consider Maryland and the
District of Columbia – in Maryland, an attorney does not even have to notify opposing counsel
of an inadvertently produced document while the District of Columbia takes a different view and
requires notification. An attorney barred in both jurisdictions could find him or herself subject to
ethical scrutiny because of the differences between the Rules.
E. METADATA AND DISCOVERY
In litigation, lawyers send, produce and receive electronically stored information
containing metadata in response to discovery requests or subpoenas. In general, the anti-mining
24
opinions cited above do not apply to a lawyer‟s ethical obligations regarding documents that are
sent or received in response to discovery requests. Thus, in the context of discovery, attorneys
are generally allowed to search for and examine metadata. In litigation, a lawyer may be subject
to obligations other than the Rules of Professional Conduct, including applicable Rules of Court
and Orders governing the conduct of the litigation.
In litigation, metadata is generally considered discoverable, unless it is privileged or
otherwise immune from discovery. For the most part, it would seem unlikely that most
metadata, other than perhaps tracked changes or comments, could be subject to claims of
privilege.
The District of Columbia, as noted above, is one of the only jurisdictions to address the
issue of ethics of metadata in the discovery context. In Ethics Opinion 341, the D.C. Bar stated
that, even in the context of discovery or other judicial process, if a receiving lawyer has actual
knowledge that metadata containing protected information was inadvertently sent by the sending
lawyer, the receiving lawyer should advise the sending lawyer and determine whether such
protected information was disclosed inadvertently.
In D.C. Ethics Opinion 256, the Bar stated that the determining line between an ethical
and an unethical use of inadvertently disclosed information is based on the receiving lawyer‟s
knowledge of the inadvertence of the disclosure. If the sender advises that the information was
inadvertently produced, then the receiving attorney should follow the directives of the sending
attorney regarding the disposition of the electronic documents. However, the receiving attorney
is permitted to take steps to ensure that the evidence is not destroyed and to preserve the right to
challenge the claim that the document is privileged or otherwise not subject to discovery. Thus,
25
the District of Columbia treats metadata inadvertently produced in discovery the same as it treats
other inadvertently produced information.
In litigation or potential litigation contexts, the practice of removing metadata before the
transmission of documents may be superseded by the duty to preserve evidence. Often this duty
to preserve documents includes to obligation not to scrub certain metadata. For example, ABA
Model Rule 3.4(a), fairness to the opposing party and counsel, states that a lawyer shall not
unlawfully obstruct another party‟s access to evidence or unlawfully alter, destroy or conceal a
document or other material having potential evidentiary value. West Virginia State Bar Ethics
Opinion 2009-01 (June 10, 2009) stated that, in a discovery or subpoena context, a lawyer must
be careful where electronic documents constitute tangible evidence. Rule 3.4(a) prohibits
altering, destroying or concealing material having evidentiary value. Thus, the removal of
metadata might be prohibited.
Several federal courts, in addressing the issues of metadata, have stated that parties must
preserve the integrity of the electronic documents, including formatting, metadata and history. If
a lawyer reasonably anticipates litigation, or it has received a litigation hold letter or a subpoena,
then the lawyer must take care to preserve documents and to prevent the routine deletion of
metadata, especially data that may be present in relevant documents. In order to avoid sanctions
for spoliation, and potential ethical liability for violating Rule 3.4, attorneys should take care to
protect their own documents. Attorneys should also take care to properly advise clients
regarding the potential for litigation.
An attorney has a duty to review metadata for confidential information, including
information protected by the attorney-client privilege. The diligence applied to the search will
affect whether confidentiality and/or privilege claims will be considered waived on any
26
inadvertently produced information. See, e.g., Victor Stanley v. Creative Pipe, Inc., 250 F.R.D.
251 (D. Md. 2008) (discussing reasonableness). When conducting file reviews, responsive yet
privileged metadata cannot be removed from the file, but must be redacted, as set forth in the
applicable discovery rules.
Ethical considerations often become most critical when dealing with the issue of
inadvertently produced information. For the producing party, there are considerations of
competency and the failure to adequately protect client confidences. At a minimum, the
producing party must request the return or destruction of the inadvertently produced documents,
including the metadata. In certain states, like Maryland, where there is no duty imposed on the
receiving party to notify the sending attorney of an inadvertent disclosure, the onus is on the
sending attorney to recognize that he or she may have made an error in document production.
The burden of getting the information back is on the producing party.
However, party receiving the data also has ethical obligations. The receiving party
should review the metadata received to make sure it is complete and not altered or deleted. As
noted above, in the discovery context, prohibitions against the mining of metadata generally do
not apply. Attorneys would be well-advised to review any applicable state ethics opinions
regarding metadata mining to make sure that any prohibitions or limitations do not extend into
the discovery context - most do not. Moreover, a lawyer who receives metadata during the
discovery process is generally considered justified in assuming that the metadata was provided
intentionally. If however, as discussed above, the lawyer learns that the metadata was
inadvertently produced, then the ethical obligations of Rule 4.4(b) may be applicable.
27
F. RISK MANAGEMENT AND BEST PRACTICES
At a minimum, all attorneys should possess a basic knowledge of metadata. Simple care
can prevent most inadvertent transmissions of data. The implementation of adequate procedures
and/or the use of protective software programs can prevent many of the mishaps that occur with
regard to electronic communications. Attorneys should be aware of their ethical obligation to
exercise reasonable care and satisfy their obligations by taking adequate precautions with regard
to electronic communications and document transmission.
Attorneys should assess their own needs for further education and training regarding
metadata. In situations where the metadata really matters, engaging a consultant or a third party
vendor to handle the electronic data may be a helpful place to begin. For day to day matters,
your firm‟s risk management committee or IT staff can be a resource for addressing questions of
metadata and adequately safeguarding client confidences and information.
Attorneys should have rules and procedures in place within their firms regarding the use
of e-mail by employees. Depending on the circumstances, there may be situations where e-mail
should not be used as a communication device. Depending on your area of practice, there may
be certain documents that should never be sent electronically or documents that should never be
sent in their native format. In those instances, faxes, mail, and messengers may be more
appropriate for sending certain communications.
As part of its document retention policy, every firm should have a policy regarding the
retention and destruction of metadata. Whether metadata is kept or destroyed, and when, is
largely a function of the firm in its normal course of business. These policies should be
developed to conform with local ethics rules, and firms with multiple offices should take extra
28
caution to make sure that their record and data retention policies conform to the rules applicable
to the state in which the office is located.
Before sending documents or information electronically, assess the situation and the
potential risks. Who is the document being sent to? Sending a document within your firm or to
a client is likely less risky than sending one to your opposing counsel. Assess the document –
When was it created? Were you the only person working on the document? If so, then there
may be limited real metadata concerns.
Have a policy in your office or firm addressing issues of document security. The surest
way to avoid running afoul of ethics rules regarding metadata is to send documents only by hard
copy or by fax. Unfortunately, such a policy is unrealistic and, in the context of litigation, and
the ESI rules, most likely impossible to maintain. However, there are some basic steps that can
be taken to minimize the risks to you, your firm and your clients, with regard to metadata.
Before sending documents electronically, it is wise risk management to check the format
of the document. It may be a wise practice, if you are permitted to do so, to convert your
documents into a format that is more difficult to mine for metadata. Sending a PDF or a scanned
document is generally less risky than sending a document that can be edited. PDF files still
contain metadata, but not as much as a file that can be edited. Further, PDF files can be cleaned
by a metadata scrubber.
Consider minimizing the risk of inadvertently transmitting metadata by using a third
party scrubber or other program to remove metadata from documents. Third party scrubbers will
notify users about the existence of metadata in documents and will prompt a user to clean
embedded hidden data from documents. There are a number of products on the market that will
remove hidden data from your e-mail and other documents before mailing. Moreover, many
29
commonly used software packages provide their own metadata tools. Use of these scrubbers
should be considered an important last step before transmitting any electronic communications
outside of your office.
If a scrubber is not readily available, then you can copy the text and paste it into a new
document. A copy and paste will get rid of some metadata, like deleted comments and track
changes. Copying text and then doing a “paste special” of unformatted text will also get rid of
metadata – unfortunately, it will get rid of your document formatting as well.
However, caution should be used when the document being sent may be subject to
discovery.2 Scrubbing can alter the original file permanently. If parties are in litigation, or are
aware of the potential for litigation, it may be appropriate to discuss and agree on the parameters
of electronic discovery and production with opposing counsel before scrubbing any metadata.
Advise your clients about metadata. Attorneys should talk to their clients to determine
how much they know and understand about metadata. In cases where there will be document
production, attorneys should, at a minimum, discuss litigation holds and the preservation of
electronically stored information. Clients should also be counseled regarding their internal and
external communications, and the preservation, or removal of metadata, depending on the
circumstances. ESI obligations, and sanctions for failure to comply with the duty to preserve
documents are becoming more common. ESI obligations often start the day a lawsuit is filed,
which may be weeks before counsel is retained. A company‟s document retention and
preservation policies are subject to increased scrutiny and the penalties for violating ESI
obligations can be severe.
2 Clawback or non-waiver agreements, under which inadvertently produced material is returned
without waiver may also be an appropriate topic to discuss with clients and opposing counsel. The amendments to
the Federal Rules of Civil Procedure recommend such agreements.
30
CONCLUSION
The exchange of electronic documents, whether via e-mail or in discovery, is a
significant part of the modern practice of law. An attorney must always remember that these
electronic documents carry metadata with them. Staying informed about new technology and
new products for dealing with metadata are essential for complying with ethical obligations and
are good risk management practices.
It is clear from the wide divergence of the ethics opinions discussed herein, and the fact
that so many states have not even addressed the question, that the issue of the ethics of metadata
is still evolving. Attorneys would be well-served to familiarize themselves with the opinions that
have been issued in the jurisdictions where they practice, as well as the general guidance
provided by the ABA.
At a minimum, it seems clear that in any discussion about metadata, its creation, and its
removal from documents, the guiding principle is “reasonable care.” Every attorney will be
obligated to protect their clients by exercising reasonable care with regard to the transmission of
electronic documents to opposing counsel and other third-parties. The same level of awareness
that attorneys apply to maintaining client confidences and protecting client information in
general should be carried over into the world of e-mail and other electronic communications.
Taking the time to develop a consistent policy and practice with regard to metadata will help to
avoid potential ethical liability, malpractice liability and sanctions.