To follow up on Omar Ha-Redeye‘s post about the ethical challenges of practicing law with new information technology, I received the following interesting excerpt from the CBA newsletter in my email inbox:
Metadata: A cautionary tale
Two lawyers are working together on a contract for a client, using a similar contract prepared for another client and fine-tuning the wording to suit this situation. They have used technology to full advantage, saving the original contract under a new name, tracking changes, and writing comments to each other as the drafts evolved. When the draft is ready, one of the lawyers switches from “Final Showing Mark-up” to “Final”, and sends the document to the client by e-mail.
Imagine their distress when the lawyers find out that the client was able to access the document metadata to learn the name of the other client, read the original document prepared for that client, and see all the changes and comments made.
Not only is this embarrassing, it is a breach of professional ethics.
It’s important to understand that most word processing and other “office suite” programs automatically attach metadata to documents, often without the lawyer’s knowledge. Usually this “automatic” metadata would contain things like: the author’s name; the date the document was last saved; and how much time was spent working on the document.
If the lawyer makes use of commenting or revision tracking features, as described in “cautionary tale” above, the metadata would be rich with all sorts of juicy – and confidential – details that could come to the attention of a client, adversary, or third party. For example, anyone with tech savviness could discover the names of reviewers, the number of revisions, and might even be able to see the hidden reviewers’ comments that do not appear on printed copies of the document.
The CBA’s new “Guidelines for Practicing Ethically with New Information Technologies” recommend that lawyers clear the metadata of their documents before sending them out to the client or adversary, just in case:
Lawyers have an ethical obligation, when transmitting documents electronically, to exercise reasonable care to ensure that clients’ confidential information is not disclosed in the
metadata.There are practices that minimize the creation of metadata, as well as ways to remove the
hidden data before distribution or publication so it is not accessible to people for whom it is
not intended. Before removing metadata, lawyers should ensure that there are no legal
requirements to retain the metadata (e.g. discovery obligations).
The new guidelines provide instructions on how to eliminate hidden data, which can be found in Appendix 2 of the document.
One rule to abide by when using any electronic record keeping is, “if it was there it probably still is.” Even erasing a hard drive doesn’t really erase data, it just makes it hard for amateurs to get at that data.
Best practice is to print a copy of the document, scan it and send it out as a fresh electronic copy. The minimal amount of time this takes is well worth the assurance that there is no hidden data lurking in the file.