The Democratic National Committee was surprised recently when conservative bloggers accessed "metadata" in the DNC's Word document about U.S. Supreme Court nominee Samuel A. Alito Jr. in order to disclose the authors of the memorandum and the date it was created.[FOOTNOTE 1]

This was not the first time that organizations, including the United Nations and a prominent software company, have permitted inadvertent disclosure of private (and potentially embarrassing) information due to a lack of awareness or disregard of metadata.[FOOTNOTE 2]

Unfortunately, many lawyers also may be unaware of the existence of metadata. Nevertheless, inadvertent disclosure of metadata is one of the foremost risks facing lawyers today -- a risk made more acute by ethical and professional requirements to safeguard client confidences.

Generally speaking, the dangers exist in two contexts: in connection with an attorney's communications with a client's adversaries or third parties, and disclosure of a client's underlying documents and communications in the course of litigation.

In either circumstance, inclusion of metadata in the document provided could accidentally expose confidential information to the detriment of the client and the attorney-client relationship.

Metadata, commonly described as "data about data," has been defined as "information describing the history, tracking, or management of an electronic document."[FOOTNOTE 3] It has also been defined as "information about a particular data set which describes how, when and by whom it was collected, created, accessed, or modified and how it is formatted (including data demographics such as size, location, storage requirements and media information)."[FOOTNOTE 4]

Some examples of metadata for electronic documents include a file's name, its location (directory structure or pathname), its format or type, its size, its dates (creation date, date of last data modification, date of last data access and date of last metadata modification) and its permissions (who can read the data, who can write to it, who can run it).

Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and remain unavailable to those who are not technically adept.

Most metadata is generally not visible when a document is printed or when the document is converted to an image file. Metadata can be altered intentionally or inadvertently and can be extracted when native files are converted to image files.

Sometimes the metadata can be inaccurate, as when a form document reflects the author as the person who created the template but who did not draft the document.[FOOTNOTE 5] In addition, metadata can come from a variety of sources; it can be created automatically by a computer, supplied by a user or inferred through a relationship to another document.[FOOTNOTE 6]

The Microsoft Office Online Web site lists several examples of metadata that may be stored in commonly used Microsoft applications, such as Excel, Word or PowerPoint: author name or initials, company or organization name, identification of computer or network server or hard disk where document is saved, names of previous document authors, document revisions and versions, hidden text or cells, template information, other file properties and summary information, non-visible portions or embedded objects, personalized views and comments.

STATE BAR OPINION

It is important for lawyers to be aware of metadata and of how their software stores it in order to properly safeguard their clients' confidences.

Last December, the New York State Bar Association Committee on Professional Ethics issued an opinion finding that lawyers had an ethical duty to try to limit improper disclosure of metadata pursuant to DR 4-101(B), which states that a lawyer shall not "knowingly" reveal a client's confidences or secrets.[FOOTNOTE 7]

The opinion noted that metadata may, among other things, include editorial comments, strategy considerations, legal issues raised by the client or lawyer and legal advice provided by the lawyer.

Although not all metadata is necessarily confidential or secret, the committee noted that it may, in many circumstances, reveal information that is either privileged or the disclosure of which would be detrimental or embarrassing to the client.

For example, it explained, a lawyer may transmit a document by e-mail to someone other than the client without realizing the recipient is able to view prior edits and comments to the document that would be protected as privileged attorney-client communications. More dramatically, the committee pointed out, a prosecutor using a cooperation agreement signed by one confidential witness may use the agreement as a template in drafting the agreement for another confidential witness.

Therefore, the committee explained, when a lawyer sends a document by e-mail, as with any other type of communication, the lawyer must exercise reasonable care to ensure that she does not inadvertently disclose her client's confidential information.

The committee stated that what constitutes reasonable care will vary with the circumstances, including the subject matter of the document, whether the document was based on a "template" used in another matter for another client, whether there have been multiple drafts of the document with comments from multiple sources, whether the client has commented on the document and the identity of the intended recipients of the document.

Significantly, the committee found that reasonable care may, in some circumstances, call for lawyers to stay abreast of technological advances.

Accordingly, lawyers should be familiar with metadata and should make reasonable efforts to avoid transmission of documents where such transmission could jeopardize client confidences. This may mean, for example, using procedures embedded in the document creation software or third-party software to strip out metadata from documents or converting documents from their native application to .pdf or other solely graphical formats before sending them to others.

DISCOVERY

The exponential growth of electronic discovery obligations, the additional proposed changes proposed to federal disclosure and the evolution of technology will make electronic disclosure in general -- and metadata issues in particular -- some of the most perilous and costly aspects of litigation. For example, in weighing the cost and burden of electronic production, a federal court in Michigan recently warned that no longer would parties be able to merely demand every relevant document, but instead demands will need to be tailored based upon, among other things, the responding parties' technology systems and retention policy and the nature of the electronic data sought, including whether the production should be provided in its native application with metadata intact or in scrubbed, graphical formats.[FOOTNOTE 8]

The court was particularly concerned about the practical capability to complete cost-effective, pre-production privilege review of all documents and their metadata within a reasonable time frame and concluded that given the volume of materials requiring hands-on review, parties should craft a mechanism of post-production assertions of privilege, to be so ordered by the court.

Metadata also was the subject of a recent federal district court decision relating to pretrial discovery.[FOOTNOTE 9]

The plaintiff in this case brought suit on behalf of herself and others similarly situated, asserting that age discrimination by her former employer during a reduction-in-force (RIF). The parties engaged in discovery concerning the merits of the plaintiffs' pattern and practice allegations, and a dispute arose in connection with the company's production of spreadsheets related to the RIFs at issue in this case.

Specifically, the plaintiffs requested that the company be required to produce the actual electronic "active file" version of all the Excel RIF spreadsheets, rather than the indisputably "scrubbed" spreadsheets that had been produced with all the metadata removed.

The plaintiffs claimed that this metadata would have contained information such as file names, file dates, authors of the file, recipients of the file, print-out dates, changes and modification dates and other information. The plaintiffs' counsel noted that the defendant did not provide them with any type of log of what information was scrubbed.

The defendant claimed that it had scrubbed the metadata from the spreadsheets and locked certain data to prevent the plaintiffs from "undeleting" or recovering privileged and protected information properly deleted from the spreadsheets.

The court first pointed out that neither the federal rules nor case law provides sufficient guidance on the production of metadata.

It then turned to Comment 12.a. of the "The Sedona Principles: Best Practices, Recommendations & Principles for Addressing Electronic Document Discovery," which addresses metadata directly. The court noted that the comment listed several ways in which routine preservation and production of metadata may be beneficial, but that it balanced these potential benefits against the "reality that most of the metadata has no evidentiary value, and any time (and money) spent reviewing it is a waste of resources."

As the court observed, the comment concluded that a reasonable balance was that, unless the producing party was aware or should be reasonably aware that particular metadata was relevant, the producing party should have the option of producing all, some, or none of the metadata. The comment set forth a caveat to giving the option of producing metadata to the producing party: "Of course, if the producing party knows or should reasonably know that particular metadata is relevant to the dispute, it should be produced."

Despite the Sedona Principle's conclusion that metadata production was rarely warranted, the court nevertheless concluded that when a party is ordered to produce electronic documents as they are maintained in the ordinary course of business, the electronic documents should be produced with their metadata intact, unless that party timely objects to production of metadata, the parties agree that the metadata should not be produced or the producing party requests a protective order.

In the court's view, the initial burden with regard to the disclosure of the metadata should therefore be placed on the party to whom the request or order to produce is directed.

It added that placing the burden on the producing party was further supported by the fact that metadata is an inherent part of an electronic document, "and its removal ordinarily requires an affirmative act by the producing party that alters the electronic document."

The court rejected the defendant's relevancy, reliability and privilege arguments, finding that the defendant should have raised these issues prior to "its unilateral decision" to produce the spreadsheets with the metadata removed. Here, because the defendant had not objected and had not provided a privilege log identifying the electronic documents that it claimed contained privileged metadata, the court held that the defendant had waived attorney-client privilege or work product protection with regard to the spreadsheets' metadata (except for metadata directly corresponding information -- such as social security numbers -- that the court had earlier permitted the defendant to remove from the spreadsheets).

Fortunately for the defendant, the court recognized that the production of metadata was a new and largely undeveloped area of the law and thus that sanctions were not appropriate in this case. Nevertheless, every litigator is well advised to immediately seek clarification from the court and the client's adversary as to the scope of electronic production and take the steps necessary to preserve privilege pre-production and reserve the right to raise privilege without waiver post-production.

Given the undeveloped nature of the law, the continually evolving technology, the exponential dependence on the Internet to communicate and the potentially catastrophic impact of inadvertent disclosure of a client's secrets or confidence, the issue of metadata protection is likely to continue to plague unwary practitioners and inflate the cost of transaction and litigation representation.

Shari Claire Lewis is a partner at Rivkin Radler in Uniondale, N.Y., specializing in litigation in the areas of Internet, domain name and computer law as well as professional liability and medical device and product liability.

::::FOOTNOTES::::

FN1 "Beware Your Trail of Digital Fingerprints," Tom Zeller Jr., New York Times, Nov. 7, 2005.

FN2 Id.

FN3 Proposed advisory committee note to Federal Rule of Civil Procedure 26(f).

FN4 "The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age," App. F.

FN5 "The Sedona Principles: Best Practices, Recommendations & Principles for Addressing Electronic Document Discovery," Cmt. 12.a.

FN6 "The Sedona Guidelines," App. E.

FN7 Opinion Number 782 (Dec. 8, 2004).

FN8 Hopson v. Mayor & City Council of Baltimore, 2005 U.S. Dist. Lexis 29882 (D. Md. Nov. 22, 2005).

FN9 Williams v. Spring United Management Co., 2005 U.S. Dist. Lexis 21966 (D. Kan. Sept. 29, 2005)