Nearly every electronic document contains metadata: embedded information that is generated during the course of its creation, editing or transmission. Metadata can reveal much about a document, including who authored, modified or viewed it and when, any edits to or comments about the document, and any content that was deleted from the final version. Metadata also may reveal confidential information or attorney work product. For instance, sensitive information about prior clients may be embedded in contract templates, and drafts revealing litigation strategy may be hidden in briefs.
Given the potential for the production of privileged information unwittingly contained in metadata, bar associations have with increased frequency issued opinions providing guidance on what circumstances a lawyer may ethically review an adversary’s metadata. These opinions have recognized a distinction between metadata produced as part of discovery, and that transmitted outside of the discovery context. Bar associations generally agree that, with limited exceptions, sending lawyers may not strip metadata from documents to be produced in discovery and receiving lawyers may review metadata contained in such documents. 1 Outside of the discovery context, bar associations also agree that a lawyer has a duty to strip a document of metadata before transmitting it to her adversary. 2
Bar associations are very much divided, however, on the question of whether, outside of the discovery context, a receiving attorney may review metadata that is not stripped from an adversary’s documents. This split is illustrated by two recent opinions – from the New York County Lawyers’ Association (NYCLA) and the Colorado State Bar Association – that provide conflicting answers.
New York Approach
In March 2008, the NYCLA Committee on Professional Ethics concluded that “when a lawyer sends opposing counsel correspondence or other material with metadata, the receiving attorney may not ethically search the metadata in those electronic documents with the intent to find privileged material or if finding privileged material is likely to occur from the search.” 3 The NYCLA opinion acknowledged that lawyers must “take due care” in sending electronic documents, including “scrubbing the documents to ensure they are free of metadata.” 4 Nevertheless, the NYCLA Committee concluded that a receiving lawyer “may not ethically take advantage of a breach in the attorney’s care by intentionally searching the metadata.” 5
The NYCLA Committee’s analysis was based on an analogy to rules governing receipt of inadvertently produced information. Specifically, Model Rule of Professional Conduct 4.4(b) provides that “[a] lawyer who receives a document relating to the representation of the lawyer’s client and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender.” The NYCLA Committee concluded that “[b]y actively mining an adversary’s correspondence or documents for metadata . . . a lawyer could be searching only for attorney work product or client confidences that opposing counsel did not intend to be viewed.” 6 This “crosses the lines” of zealous advocacy and constitutes action that “is deceitful and prejudicial to the administration of justice.” 7
The NYCLA opinion allows that “situations may arise where it is not clear whether supplying a document containing metadata is an ‘inadvertent’ disclosure,” for example, where a “lawyer sends material clearly showing tracked changes.” 8 In this circumstance, “the recipient will have to determine from the circumstances . . . whether the sender intended to send a document showing changes or whether it appeared to make a mistake and the document is likely to contain privileged material.” 9 If the receiving attorney “reasonably believes that the disclosure was intentional,” then it “is not unethical for the receiving lawyer to review the metadata.” 10 Importantly, “[w]ithout such a prior understanding or course of conduct to the contrary . . . there is a presumption that disclosure of metadata is inadvertent and would be unethical to review.” 11
The NYCLA opinion is in agreement with a 2001 opinion of the New York State Bar Association (NYSBA) Committee on Professional Ethics, the first bar association in the country to decide whether a lawyer may search an adversary’s metadata. 12 In Formal Opinion 749, the NYSBA Committee prohibited lawyers from using “computer software to surreptitiously ‘get behind’ visible documents or to trace e-mail” on the ground that doing so is an unacceptable violation of the adversary’s attorney-client relationship. 13 The NYSBA opinion presumes that when an adversary electronically transmits a document, she intends for opposing counsel to receive the “visible” document but, absent an explicit direction to the contrary, not its metadata. 14
Several state bar associations have followed the New York approach. For example, the Alabama State Bar’s Ethics Panel concluded that, “[j]ust as a sending lawyer has an ethical obligation to reasonably protect the confidences of a client, the receiving lawyer also has an ethical obligation to refrain from mining an electronic document.” 15 The Alabama opinion added, “The mining of metadata constitutes a knowing and deliberate attempt by the recipient attorney to acquire confidential and privileged information in order to obtain an unfair advantage against an opposing party.” 16
The Arizona State Bar Association likewise opined that, except in narrow circumstances, “the recipient lawyer has a . . . duty not to ‘mine’ [a] document for metadata that may be embedded therein or otherwise engage in conduct which amounts to an unjustified intrusion into the client-lawyer relationship that exists between the opposing party and his or her counsel.” 17 Finally, the Florida State Bar Professional Ethics Committee opined that a receiving lawyer must “not . . . try to obtain from metadata information relating to the representation of the sender’s client that the recipient knows or should know is not intended for the recipient”; should treat such metadata as “confidential information which the sending lawyer did not intend to transmit”; and, should he inadvertently obtain information from metadata that “the recipient knows or should know was not intended” for him, must “‘promptly notify the sender.’” 18
The Contrary Perspective
Less than two months after NYCLA issued its opinion barring receiving lawyers from reviewing an adversary’s metadata, the Ethics Committee of the Colorado Bar Association reached the opposite conclusion, opining that a receiving lawyer “generally may ethically search for and review metadata embedded in an electronic document that the Receiving Lawyer receives from opposing counsel or other third party.” 19 The Colorado Committee considered the New York, Arizona, Alabama and Florida opinions, and rejected their reasoning as “based on incorrect factual premises regarding the nature of metadata.” 20 The Colorado Committee explained:
The Colorado Committee countered that “there is nothing inherently deceitful or surreptitious about searching for metadata.”22 Noting that some metadata may be revealed by a simple click of a mouse, the opinion concludes that referring to searching for metadata as “mining” or “surreptitiously ‘get[ting] behind”’ a document is, therefore, misleading.23 The Colorado Committee further reasoned that a bar on reviewing metadata ignores the reality that “metadata are often of no import” at all.24 “Once one discards the notions that it is dishonest or deceitful to search for or look at metadata or that metadata typically contain significant Confidential Information, there is no [ethics rule] that contains any prohibition on a lawyer generally reviewing or using information received from opposing counsel or other third party.”25
In opining that a receiving lawyer generally may review an adversary’s metadata, the Colorado Committee endorsed the view expressed by the American Bar Association (ABA), which concluded that the Model Rules of Professional Conduct “do not contain any specific prohibition against a lawyer’s reviewing and using the embedded information in electronic documents.”26 That view has been followed by the Maryland State Bar Association’s Committee on Ethics,27 and in part by the District of Columbia Legal Ethics Committee, which opined that a reviewing lawyer may review metadata unless she has prior actual knowledge that it contains inadvertently transmitted confidential information.28
Having concluded that it is permissible for a receiving lawyer to review metadata, the Colorado Committee went on to enunciate the lawyer’s obligations upon discovery of any confidential information within that metadata. The Colorado opinion concludes that if the receiving lawyer “knows or reasonably should know” that the metadata contains confidential information, she should assume, in the absence of an express waiver, that it was transmitted inadvertently.29 Accordingly, she must notify the sending lawyer. Once again, this tracks the ABA’s view that a lawyer who receives information she knows or should know was sent inadvertently must “promptly notify the sender.”30
Finally, the Colorado opinion tackles a separate but related question: Once a receiving lawyer has provided notice that confidential information was inadvertently transmitted in metadata, may she continue to review it? The only other bar association that considered this question, the District of Columbia, opined that the receiving lawyer must refrain from any further review under such circumstances, reasoning that it would amount to “dishonesty, fraud, deceit or misrepresentation” in violation of Model Rule of Professional Conduct 8.4(c).31
The Colorado Committee disagreed, holding that the specific notice provisions of Model Rule of Professional Conduct 4.4 “trump the more general requirements of Rule 8.4(c).”32 The Colorado Committee instead concluded that “the Receiving Lawyer’s only duty upon viewing confidential metadata is to notify the Sending Lawyer . . . . There is no rule that prohibits the Receiving Lawyer from continuing to review the electronic document or file and its associated metadata.”33 The sole circumstance where the receiving lawyer cannot review confidential information in metadata is when she “has prior notice from the sender of the inadvertent transmission of confidential metadata.”34
What’s a Lawyer to Do?
The unresolved split over the propriety of reviewing an adversary’s metadata presents lawyers – particularly those practicing in jurisdictions with bar associations that have not considered the issue – with an ethical dilemma. If it is any consolation, the quandary has caused one bar association to throw up its hands. Last year, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility concluded that a receiving lawyer must make an individualized determination based on her own judgment when determining whether to review an adversary’s metadata.35
Observing that “various opinions reach different conclusions although each offers a persuasive rationale,” the committee concluded, “it would be difficult to establish a rule applicable in all circumstances and . . . consequently the final determination of how to address the inadvertent disclosure of metadata should be left to the individual attorney and his or her analysis of the applicable facts.”36 “[E]ach attorney must . . . ‘resolve [the issue] through the exercise of sensitive and moral judgment guided by the basic principles of the Rules . . . .’”37
This analysis applies equally to lawyers who practice in jurisdictions lacking any ethics opinions on the subject. Before a receiving lawyer reviews an adversary’s metadata, he should carefully think through the ethical ramifications. For New York practitioners, the answer is clear – they may not undertake such a review. In light of this, New York lawyers ought to be especially mindful of their obligations to scrub metadata before transmitting it to out-of-state adversaries. The failure to do so not only constitutes a breach of professional obligations, but also may place the New York practitioner at a tactical disadvantage: An adversary may be free to review his metadata, while he will not be able to review his adversary’s metadata.38 In short, the ethics debate over metadata presents a minefield that all lawyers must take great care to navigate.
Norman C. Simon is a litigation partner with Kramer Levin Naftalis & Frankel and chairs the firm’s E-Discovery Committee.
1. See, e.g., Alabama State Bar Ethics Op. RO-2007-02, at 3 (2007) (noting discovery is “possible exception to the prohibition against the mining of metadata” and advising attorneys to “seek direction from the court in determining whether a document’s metadata must be produced during discovery”). Bar associations also have cautioned that the federal rules impose obligations on reviewing lawyers. See Maryland State Bar Ass’n, Op. 2007-09, at 2 (2006) (“the lack of any ethical prohibition concerning the review and/or use of metadata . . . in the arena of federal litigation, [is] superseded by the legal requirements set forth in the Federal Rules”).
2. See, e.g., New York State Bar Ass’n Comm. on Prof’l Ethics, Formal Op. 782, at 3 (2004) (“Lawyers have a duty . . . to use reasonable care when transmitting documents by e-mail to prevent the disclosure of metadata containing client confidences or secrets.”).
3. New York County Lawyers’ Ass’n, Op. 738 (2008).
4. Id. at 5.
8. Id. at 3.
11. Id. The NYCLA opinion allows that “a situation may arise where a lawyer has a reason for investigating metadata that is not for the purpose of intending to uncover attorney work product or client confidences or secrets,” and that under such circumstances an adversary’s metadata may be viewed. Id.
12. New York State Bar Ass’n Comm. on Prof’l Ethics, Formal Op. 749, at 1 (2001).
13. Id. at 2.
14. Id. at 3. In a subsequent opinion, the NYSBA Committee opined that a sending lawyer must exercise reasonable care to prevent disclosure of confidential information. NYSBA Formal Op. 782, supra n.2. That opinion cautioned that “[l]awyer-recipients also have an obligation not to exploit an inadvertent or unauthorized transmission of client confidences or secrets.” Id. at 3.
15. Alabama Op. RO-2007-02, at 2, supra n.1. The Alabama Committee noted that its view “is consistent with” Formal Opinion 749 and that “some of the language herein is derived from that opinion.” Id. at 3.
16. Id. at 3.
17. Arizona State Bar, Ethics Op. 07-03, at 3 (2007).
18. Florida State Bar, Ethics Op. 06-2, at 3 (2006) (internal citations omitted).
19. Ethics Comm. of the Colorado Bar Ass’n, Formal Op. 119, at 3 (2008).
26. American Bar Ass’n Standing Comm. on Ethics and Professional Responsibility, Formal Op. 06-442, at 1 (2006).
27. Maryland Op. 2007-09, supra n.1.
28. District of Columbia Legal Ethics Comm., Op. 341 (2007). “Actual knowledge” may exist when a lawyer (i) hears of the mistake before reviewing the document, (ii) notices immediately upon review that the adversary obviously sent the data inadvertently, or (iii) uses a system to search all incoming electronic information in hopes of discovering privileged information. Id. at 2.
29. Colorado Op. 119, at 3, supra n.19.
30. ABA Formal Op. 341, at 2, supra n.26.
31. District of Columbia Op. 341, at 2, supra n.28.
32. Colorado Op. 119, at 4, supra n.19.
35. Pennsylvania Bar Ass’n Comm. on Legal Ethics and Prof’l Responsibility, Formal Op. 2007-500 (2007).
36. Id. at 8.
37. Id. at 1.
38. The NYCLA opinion stresses that “[w]hile New York does not follow the ABA Model Rules and thus is not bound by an ABA ethics opinion, the conflicting opinions still may affect New York lawyers.” NYCLA Op. 738, at 4 n.5, supra n.3. To illustrate this point, the NYCLA opinion includes this explanation from Roy Simon, Simon’s New York Code of Professional Responsibility Annotated, at 589 (2007 ed.):