I have been writing and lecturing about metadata for years. (And in case you have forgotten, metadata is the “hidden” information about the electronic documents we create that we’re all supposed to be worried about.) I guess for some of late, I’ve run on with the topic long enough because a few have started to say “enough already.” Then this happened.
Earlier this year I was on the road visiting a dozen or so law firms over the course of two weeks and learned that several attorneys at two different firms were routinely emailing documents out to other attorneys without first removing the associated metadata. Making matters worse, in many instances the attorneys who were in receipt of these documents didn’t have to do anything to view the metadata. In other words, there was no metadata mining going on, no digging for it. All they had to do was open the document and they would find interesting and useful information staring them in the face. Think tracked changes as an example. Now here’s the kicker, no one was saying anything to anyone in order to keep the information coming. After all, this is a gift that keeps on giving. “Enough already.” I don’t think so.
Let’s talk ethics for a minute. There are basically two issues in play when it comes to metadata. The first is an attorney’s obligation to maintain client confidences, some of which can be metadata based. There is no exception in the confidentiality rule that says an attorney needn’t worry about maintaining client confidences if an electronic document is in use. This is why firms routinely require that all electronic documents be either scrubbed clean of metadata or converted to a pdf format prior to sending. Our professional conduct rules mandate this outcome. In fact, I can assure you that the two firms where the above mentioned problem attorneys practice have such a rule in place.
The second, and in my mind more interesting issue, concerns the viewing of metadata. At its most basic, if an attorney receives electronic documents with associated metadata intact, may the attorney view it? Suffice it to say that the issued ethics opinions on the subject run the gamut. Some opinions state it’s fine to take your advantages where you find them. At the other extreme you will find ones that say nope, can’t do it. But here’s where it gets interesting. If you read the opinions that come down on the side of saying an attorney should not view metadata, you often find an analysis that mirrors the analysis used with opinions issued over misdirected faxes back in the day. You find terms including the likes of inadvertent disclosure driving the analysis which takes me back to my story.
I can imagine that some of you reading this might be troubled by the story above. The fact that no attorney was willing to do the right thing and speak up seems so unfair. After all, the attorneys who sent the documents were simply unaware. Apparently they didn’t understand what metadata was all about, let alone what to do about it. Well I beg to differ. The attorneys receiving the useful information didn’t speak up because they understood there was nothing inadvertent about the actions of the attorneys who were sending out the documents.
Again, the Rules of Professional Conduct are in play. As attorneys we are to maintain client confidences. And in today’s world, professional competency means having an understanding about what computers and applications like word processing programs do and don’t do. This isn’t optional. You see, I understand why the attorneys receiving the documents kept their mouths shut. I actually think they made the correct decision because the ongoing disclosures were not inadvertent. A number of years ago, I might have called the disclosures innocent or naive, but not today. Today, I would label the attorneys who continue to routinely send out documents with the associated metadata intact incompetent. Yes, that may seem harsh, but it is true nonetheless.
If you aren’t already responsibly addressing the issues surrounding metadata on a daily basis, all I can say is now is the time and here’s why. There are firms that are using software tools that literally mine for metadata and sometimes they hit real pay dirt. Should opposing counsel ever do that to you, do you really want to try to argue that your routine delivery of the metadata was an unintentional act? I suspect that any impacted client would be less than impressed with that approach. In fact, I think they would call it what it is, just as I did, incompetent.
As a Risk Manager for ALPS, Mark Bassingthwaighte. Esq. is responsible for developing and delivering new risk management and CLE products and services, risk management consulting, law firm risk evaluations, and writing content for the ALPS 411 blog at: www.alps411.com. In his tenure with the company, Mark has conducted over 1,000 law firm risk management assessment visits, presented numerous continuing legal education seminars throughout the United States and written extensively on risk management and technology. Mark received his J.D. from Drake Law School. He can be contacted at: email@example.com