Ethics Opinion 341

Review and Use of Metadata in Electronic Documents

A receiving lawyer is prohibited from reviewing metadata sent by an adversary only where he has actual knowledge that the metadata was inadvertently sent. In such instances, the receiving lawyer should not review the metadata before consulting with the sending lawyer to determine whether the metadata includes work product of the sending lawyer or confidences or secrets of the sending lawyer’s client.

Applicable Rules

• Rule 1.6 (Confidentiality of Information)
• Rule 3.4 (Fairness to Opposing Party and Counsel)
• Rule 4.4 (Respect For Rights of Third Persons)
• Rule 8.4 (Misconduct)

Inquiry

We have received numerous inquiries concerning a lawyer’s obligations regarding metadata that is imbedded in electronic documents received from opposing counsel. Metadata is electronically stored information, typically not visible from the face of the document as printed out or as initially shown on the computer screen, but which is imbedded in the software and retrievable by various means. Often described as "data about data," metadata provides information regarding the creation and modification of a document, and sometimes includes comments by persons participating in the creation or modification of the document.¹ To the uninitiated, metadata is hidden and perhaps unknown, but to competent computer-users, the existence of metadata is well known and may be a simple "click" or two away. The information that is embedded is often mundane and of little or no interest, but in some instances it may reveal significant information.

In assessing the ethical obligations of both the sending and receiving lawyer with respect to metadata, we find it useful to distinguish between electronic documents provided in discovery or pursuant to a subpoena from those electronic documents voluntarily provided by opposing counsel. Although the Florida and Alabama Bars have recognized a similar distinction, see Florida Bar Op. 06-2; Alabama State Bar, Office of Gen. Counsel Op. No. R0-2007-02, the distinction has not been universally recognized in other ethics opinions addressing metadata. See ABA Formal Op. 06-442; Maryland Bar Ass’n Ethics Docket No. 2007-09.

Analysis

A. Electronic Documents Provided Outside of Discovery

1. The Sending Lawyer

Lawyers sending electronic documents outside of the context of responding to discovery or subpoenas have an obligation under Rule 1.6 to take reasonable steps to maintain the confidentiality of documents in their possession. This includes taking care to avoid providing electronic documents that inadvertently contain accessible information that is either a confidence or a secret and to employ reasonably available technical means to remove such metadata before sending the document. See N.Y. State Bar Ass’n Committee Op. 782. Accordingly, lawyers must either acquire sufficient understanding of the software that they use or ensure that their office employs safeguards to minimize the risk of inadvertent disclosures.²

2. The Receiving Lawyer

More often than not, the exchange of metadata between lawyers is either mutually helpful or otherwise harmless. Lawyers routinely exchange contracts, stipulations, and other documents that include “track changes” or other software features which highlight suggested modifications. Similarly, spreadsheets include necessary metadata such as formulas for the columns and rows, thereby providing a useful understanding of the calculations made.

But when a receiving lawyer has actual knowledge that the sender inadvertently included metadata in an electronic document, we believe that the principles stated in Opinion Nos. 256 and 318 relating to inadvertent production of privileged material should be used in determining the receiving lawyer’s obligations. In Opinion No. 256, we stated that, where a lawyer knows that a privileged document was inadvertently sent, it is a dishonest act under D.C. Rule 8.4(c) for the lawyer to review and use it without consulting with the sender. We reached a similar conclusion in Opinion No. 318, regarding the receipt of documents from third parties. However, we noted in Opinion 318 that, where the privileged nature of the document is not apparent on its face, there is no obligation to refrain from reviewing it, and the duty of diligent representation under D.C. Rule 1.3 may trump confidentiality concerns.

Consistent with Opinion No. 256, we agree generally with the New York and Alabama Bars to the extent that they have found Rule 8.4(c) to be implicated when a receiving lawyer wrongfully “mines” an opponents’ metadata. See N.Y. State Bar Ass’n Committee Op. 749 (concluding that lawyers have an obligation not to exploit an inadvertent or unauthorized transmission of client confidences or secrets and that “use of such information ... [is] conduct ‘involving dishonesty, fraud, deceit or misrepresentation’”); and Alabama State Bar, Office of Gen. Counsel Op. No. R0-2007-02 (finding that “[t]he unauthorized mining of metadata by an attorney to uncover confidential information would be a violation of ... Rule 8.4”).

In our view, however, Rule 8.4 is implicated only when the receiving lawyer has actual prior knowledge that the metadata was inadvertently provided. Given the ubiquitous exchange of electronic documents and the sending lawyers’ obligation to avoid inadvertent productions of metadata, we believe that mere uncertainty by the receiving lawyer as to the inadvertence of the sender does not trigger an ethical obligation by the receiving lawyer to refrain from reviewing the metadata. This standard is consistent with our conclusion in Opinion No. 256.³

Where there is such actual prior knowledge by the receiving lawyer as to the inadvertence of the sender, then notwithstanding the negligence or even ethical lapse of the sending lawyer, the receiving lawyer’s duty of honesty requires that he refrain from reviewing the metadata until he has consulted with the sending lawyer to determine whether the metadata includes privileged or confidential information.⁴ If the sending lawyer advises that such protected information is included in the metadata, then the receiving lawyer should comply with the instructions of the sender. The receiving lawyer may, however, reserve his right to challenge the claim of privilege and obtain an adjudication, where appropriate.

A receiving lawyer may have such actual prior knowledge if he is told by the sending lawyer of the inadvertence before the receiving lawyer reviews the document. Such actual knowledge may also exist where a receiving lawyer immediately notices upon review of the metadata that it is clear that protected information was unintentionally included. These situations will be fact-dependent, but can arise, for example, where the metadata includes a candid exchange between an adverse party and his lawyer such that it is “readily apparent on its face,” D.C. Ethics Op. 318, that it was not intended to be disclosed. As we stated in Opinions 256 and 318, a prudent receiving lawyer who is uncertain whether the sender intended to include particular information should contact the sending lawyer to inquire.

We recognize that other ethics opinions take a different view and have concluded that neither Rule 8.4(c) nor any other ethics rule prohibits the review of metadata. In Formal Opinion 06-442, the ABA noted that there is no rule expressly prohibiting such conduct. The ABA discussed Model Rule 4.4(b), which relates to the inadvertent production of documents, as “the most closely applicable rule,” but it declined to state that it directly applied to metadata transmitted within an electronic document. The ABA nevertheless noted that under Model Rule 4.4(b), where it applies, a receiving lawyer has no obligation under the ethics rules beyond notifying the sender.⁵

Notably, however, the version of Rule 4.4(b) adopted by the D.C. Court of Appeals, effective February 1, 2007, is more expansive than the ABA version. Indeed, the D.C. Rule largely codified Opinion No. 256 regarding inadvertent production of privileged documents. See D.C. Rule 4.4, Comments [2] & [3]. D.C. Rule 4.4(b) provides:

A lawyer who receives a writing relating to the representation of a client and knows, before examining the writing, that it has been inadvertently sent, shall not examine the writing, but shall notify the sending party and abide by the instructions of the sending party regarding the return or destruction of the writing.

Although the purpose of Rule 4.4(b) was to address the inadvertent disclosure of entire documents (whether electronic or paper),⁶ we see no reason why it would not also apply to an inadvertently transmitted portion of a writing that is otherwise intentionally sent.

B. Electronic Documents Provided in Discovery or Pursuant to a Subpoena

When metadata is provided in discovery or pursuant to a subpoena, the rules of professional conduct are not the only rules of which lawyers must be aware. Although such other rules lie outside our jurisdiction, we note that the Federal Rules of Civil Procedure now provide steps to identify and address issues related to electronic discovery. See F. R. Civ. P. 16(b), 26 (f), 33(d), 34(a) and 37(f) (effective Dec. 1, 2006). Under these new rules, parties are required to consult at the outset of a case about the nature of pertinent electronic documents in their possession and the manner in which they are maintained. This should include specific discussions as to whether a receiving party wants to obtain the metadata, and if so, whether the sending party wishes to assert a claim of privilege as to some or all of the metadata.

Although decided prior to the implementation of the amended federal rules, the case of Williams v. Sprint/United Mgt., 230 F.R.D. 640 (D. Kan. 2005), illustrates how metadata may be considered probative evidence in litigation. In Williams, plaintiff employees brought a class action claiming age discrimination in connection with a reduction-in-force ("RIF"), and they sought and obtained from the defendant electronic versions of Excel spreadsheets that were created and used by the defendant to identify pools of employees subject to the RIF. The defendant "scrubbed" the metadata from these spreadsheets before producing them, and plaintiffs objected. They moved to compel production of the metadata as originally maintained. The court held that because the metadata could be relevant in determining whether defendants had manipulated the employee pools as alleged, defendants had to provide the metadata to plaintiffs.⁷

1. The Sending Lawyer in the Discovery/Subpoena Context

D.C. Rule 3.4(a) provides the relevant guidance for lawyers providing access to tangible evidence in discovery:

A lawyer shall not ...Obstruct another party’s access to evidence or alter, destroy, or conceal evidence, or counsel or assist another person to do so, if the lawyer reasonably should know that the evidence is or may be the subject of discovery or subpoena in any pending or imminent proceeding. Unless prohibited by law, a lawyer may receive physical evidence of any kind from the client or from another person.

Because it is impermissible to alter electronic documents that constitute tangible evidence, the removal of metadata may, at least in some instances, be prohibited as well.⁸ In addition to issues regarding discovery sanctions, the alteration or destruction of evidence can, under some circumstances, also constitute a crime. See D.C. Rule 3.4, Comment [4].

2. The Receiving Lawyer in the Discovery/Subpoena Context

In view of the obligations of a sending lawyer in providing electronic documents in response to a discovery request or subpoena, a receiving lawyer is generally justified in assuming that metadata was provided intentionally.  Moreover, when a document is sought in discovery or through subpoena, the scope of what is protected is narrowed from anything that is a confidence or secret to that material which falls within an evidentiary privilege. See D.C. Rule 1.6(e)(2)(A); Adams v. Franklin, No. 05-CV-233, slip op. at 5 (D.C. May 10, 2007) (“the lawyer’s ethical duty to preserve a client’s confidences and secrets is broader [than] the attorney-client privilege”).

In addition, when an electronic document constitutes tangible evidence, or potential tangible evidence, the receiving lawyer has an obligation competently and diligently to review, use, and preserve the evidence. See D.C. Rules 1.1, 1.3. The electronic document is similar to any other tangible evidence that the lawyer is expected to review in order to advance her client’s interests. Where useful, for example, the lawyer in such instances may consult with a computer expert to determine the means by which the metadata can be most fully revealed and reviewed, much as a lawyer does with a finger-print expert.⁹

Notwithstanding all this, even in the context of discovery or other judicial process, if a receiving lawyer has actual knowledge that metadata containing protected information was inadvertently sent by the sending lawyer, the receiving lawyer, under Rule 8.4(c), should advise the sending lawyer and determine whether such protected information was disclosed inadvertently.  See D.C. Ethics Op. 256 (“The line we have drawn between an ethical and an unethical use of inadvertently disclosed information is based on the receiving lawyer’s knowledge of the inadvertence of the disclosure.”). If the sender advises that protected information was unintentionally provided, then the receiving lawyer should follow the directives of the sending lawyer regarding the disposition of the electronic document. Under these circumstances, however, the receiving lawyer is permitted to take protective measures to ensure that potential evidence is not destroyed and to preserve the right to challenge the claim that the information is privileged or otherwise not subject to discovery and obtain an adjudication on that point. Of course, this is all subject to applicable rules of procedure and court orders that may otherwise govern.¹⁰

Conclusion

We conclude that when a receiving lawyer has actual knowledge that an adversary has inadvertently provided metadata in an electronic document, the lawyer should not review the metadata without first consulting with the sender and abiding by the sender’s instructions. In all other circumstances, a receiving lawyer is free to review the metadata contained within the electronic files provided by an adversary.

(No Inquiry Number)
Published: September 2007

1. The Federal Judicial Center recently issued a publication on electronic discovery that defined the term “metadata” as
  [i]nformation about a particular data set or document which describes how, when, and by whom the data set or document was collected, created, accessed, or modified; its size; and how it is formatted. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden from users but are still available to the operating system or the program used to process the data set or document.
Barbara J. Rothstein, Ronald J. Hedges, & Elizabeth C. Wiggins, Managing Discovery of Electronic Information: A Pocket Guide for Judges 24-25 (Federal Judicial Center 2007), www.fjc.gov/public/pdf.nsf/lookup/eldscpkt.pdf/$file/eldscpkt.pdf.
2. For information on methods for handling metadata, see The Sedona Conference Working Group Series, The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age (Sept. 2005), www.thesedonaconference.org/dltForm?did=TSG9_05.pdf.
3. By stating that the standard for a violation is “actual knowledge,” we do not condone a situation in which a lawyer employs a system to mine all incoming electronic documents in the hope of uncovering a confidence or secret, the disclosure of which was unintended by some hapless sender. The Rules of Professional Conduct are “rules of reason,” Scope [1], and a lawyer engaging in such a practice with such intent cannot escape accountability solely because he lacks “actual knowledge” in an individual case. Moreover, as stated in Rule 1.0(f), “[a] person’s knowledge may be inferred from circumstances.”
4. In Opinion No. 256, we discussed the analogous situation of a lawyer who finds a wallet in the street. Here, the more appropriate analogy may be to a lawyer who inadvertently leaves his briefcase in opposing counsel’s office following a meeting or a deposition. The one lawyer’s negligence in leaving the briefcase does not relieve the other lawyer from the duty to refrain from going through that briefcase, at least when it is patently clear from the circumstances that the lawyer was not invited to do so.
5. In its Opinion No. 2007-09, the Maryland Bar also concluded that Rule 8.4(c) is not implicated by a receiving lawyer’s accessing metadata. But the Maryland Bar relied on its version of Rule 4.4. which has not been amended to impose any obligation on the lawyer who receives an inadvertently produced document. The Maryland Bar stated that its opinion was “heavily influenced by the difference between the Maryland Rules of Professional Conduct and [ABA Model Rule 4.4].” D.C. Rule 4.4(b), by contrast, imposes upon the receiving lawyer an obligation not only to contact the sending lawyer (as the Model Rule requires), but also to abide by the sending lawyer’s instructions regarding the return or destruction of the document.
6. Under D.C. Rule 1.0(o), a “writing” is defined as “a tangible or electronic record of a communication or representation, including handwriting, typewriting, printing, photostating, photography, audio or video recording, and e-mail.”
7. By citing Williams, we do not necessarily mean to endorse its holding or to provide any guidance with respect to the rules of discovery. See Speedway v. NASCAR, Inc., 2006 U.S. Dist. LEXIS 92028 (E.D. Ky. Dec. 18, 2006) (criticizing the specific holding in Williams). Rather, we cite Williams merely to illustrate that courts have required the production of metadata as probative evidence, and we discuss below the implications of this conclusion for the responsibilities of lawyers under the rules of professional conduct.
8. This is not to suggest that all metadata should be treated alike. For example, a Joint Court-Bar Committee of the United States District Court for the District of Maryland has issued a suggested protocol that defines and distinguishes between different kinds of metadata, only some of which are subject to routine production. See Suggested Protocol for Discovery of Electronically Stored Information, In re: Electronically Stored Information, ¶11 (D. Md.), www.mdd.uscourts.gov/localrules/localrules.html. The purpose of the protocol is “to facilitate the just, speedy, and inexpensive conduct of discovery involving [electronically stored information or ‘ESI’] in civil cases, and to promote, whenever possible, the resolution of disputes regarding the discovery of ESI without Court intervention.” Id. ¶1.
9. In concluding that a lawyer may review metadata in documents produced in discovery (that is, unless and until the lawyer has actual knowledge that the metadata contains protected information), we do not intend to suggest that a lawyer must undertake such a review. Whether as a matter of courtesy, reciprocity, or efficiency, “a lawyer may decline to retain or use documents that the lawyer might otherwise be entitled to use, although (depending on the significance of the documents) this might be a matter on which consultation with the client may be necessary.” D.C. Ethics Op. 256, n.7 (citing D.C. Rules 1.2(a) and 1.4(b)); see also D.C. Ethics Op. 318, n.5.
10. When in litigation, an attorney must comply with the applicable rules of procedure of the court in which the litigation resides. In this regard, for example, Rule 26(b)(5)(B) of the Federal Rules of Civil Procedure requires a lawyer who is informed by opposing counsel that an allegedly privileged document was produced, to return, sequester or destroy the document until the court adjudicates the claim of privilege. See also D.C. Rule 3.4(c) (requiring a lawyer to comply with the rules of a presiding tribunal).