The Hidden Dangers of Document Metadata

TOPICS:

Posted By: Lawrence Gridin September 13, 2008

To follow up on Omar Ha-Redeye‘s post about the ethical challenges of practicing law with new information technology, I received the following interesting excerpt from the CBA newsletter in my email inbox:

Metadata: A cautionary tale

Two lawyers are working together on a contract for a client, using a similar contract prepared for another client and fine-tuning the wording to suit this situation. They have used technology to full advantage, saving the original contract under a new name, tracking changes, and writing comments to each other as the drafts evolved. When the draft is ready, one of the lawyers switches from “Final Showing Mark-up” to “Final”, and sends the document to the client by e-mail.

Imagine their distress when the lawyers find out that the client was able to access the document metadata to learn the name of the other client, read the original document prepared for that client, and see all the changes and comments made.

Not only is this embarrassing, it is a breach of professional ethics.

Minesweeper - Hidden dangers.It’s important to understand that most word processing and other “office suite” programs automatically attach metadata to documents, often without the lawyer’s knowledge. Usually this “automatic” metadata would contain things like: the author’s name; the date the document was last saved; and how much time was spent working on the document.

If the lawyer makes use of commenting or revision tracking features, as described in “cautionary tale” above, the metadata would be rich with all sorts of juicy – and confidential – details that could come to the attention of a client, adversary, or third party. For example, anyone with tech savviness could discover the names of reviewers, the number of revisions, and might even be able to see the hidden reviewers’ comments that do not appear on printed copies of the document.

The CBA’s new “Guidelines for Practicing Ethically with New Information Technologies” recommend that lawyers clear the metadata of their documents before sending them out to the client or adversary, just in case:

Lawyers have an ethical obligation, when transmitting documents electronically, to exercise reasonable care to ensure that clients’ confidential information is not disclosed in the
metadata.

There are practices that minimize the creation of metadata, as well as ways to remove the
hidden data before distribution or publication so it is not accessible to people for whom it is
not intended.  Before removing metadata, lawyers should ensure that there are no legal
requirements to retain the metadata (e.g. discovery obligations).

The new guidelines provide instructions on how to eliminate hidden data, which can be found in Appendix 2 of the document.

About the Author

Lawrence Gridin
Lawrence Gridin is currently a law student at the University of Western Ontario, graduating in the class of 2010. He completed his Bachelor of Science at the University of Toronto, majoring in Psychology and History. Lawrence volunteers at Western's Community Legal Services and has participated in the clinic's outreach program. His diverse interests include social justice, 20th century history, photography, boxing, and politics.

1 Comment on "The Hidden Dangers of Document Metadata"

  1. Johannes H. Schenk | September 15, 2008 at 4:31 pm |

    One rule to abide by when using any electronic record keeping is, “if it was there it probably still is.” Even erasing a hard drive doesn’t really erase data, it just makes it hard for amateurs to get at that data.

    Best practice is to print a copy of the document, scan it and send it out as a fresh electronic copy. The minimal amount of time this takes is well worth the assurance that there is no hidden data lurking in the file.

Comments are closed.