Mind your Metadata: Ethics Opinion 665 Identifies Basic Competencies in Working with Metadata

December 20, 2016

Recently, the Texas State Bar released Ethics Opinion 665 discussing the ethical obligations of Texas lawyers in protecting privileged metadata from disclosure outside the normal course of discovery. Ultimately, Ethics Opinion 665 concludes “[w]hether a lawyer has taken reasonable measures to avoid the disclosure of confidential information in metadata will depend on the factual circumstances.” At the very least, to provide competent representation to clients, lawyers are required to appreciate that metadata exists, understand metadata may contain protected information, and be aware that metadata can be inadvertently transferred if proper precautions are not taken.

Metadata is extra information that is automatically created and embedded in a document. Metadata may reflect such information as the author of the document, the date or dates on which the document was revised, track revisions to the document, note comments inserted in the margins of the document, and/or point to hidden data. Most of the time, the metadata embedded in a document is of little or no interest. When functions like “Track Changes” mode are used, however, metadata may contain protected communications between attorney and client. Under this circumstance, if these notes are not removed and are then forwarded to another party, Ethics Opinion 665 suggests a lawyer may violate the Texas Disciplinary Rules of Professional Conduct.

Rule 1.01 of the Texas Disciplinary Rules of Professional Conduct prohibits a lawyer from accepting or continuing “employment in a legal matter which the lawyer knows or should know is beyond the lawyer’s competence.” “Competence” is defined as “the possession or the ability to timely acquire the legal knowledge, skill, and training reasonably necessary for the representation of the client.” Per Ethics Opinion 665, a lawyer’s duty of competence under the ethical rules requires that lawyers who use electronic documents understand (1) metadata is created in the generation of electronic documents, (2) transmission of electronic documents will include transmission of metadata, (3) the transmitted metadata may include confidential information, (4) metadata is accessible, and (5) the unwanted transmission of metadata can be prevented. As to the last basic competency, metadata can—and generally should—be “scrubbed” prior to transmitting to another party. These days, most word processing software has basic scrubbing capabilities that identify and flag hidden metadata. The user can remove the flagged metadata prior to sending as necessary. Using the scrubbing capabilities in a word processor is one of the many ways metadata can be removed.

While not every inadvertent disclosure of confidential information contained in metadata will violate the Texas Disciplinary Rules of Professional Conduct, whether such an inadvertent disclosure of protected metadata constitutes an ethical violation will depend on the factual circumstances surrounding the disclosure. Per Ethics Opinion 665, a working knowledge of metadata—and how to protect it—is now critical.