RPC 1.4(a)(2), 1.6(a), 3.4(a), 4.4(a), 4.4(b), 8.4(d), RCW 5.50.060(2)(a)
This opinion addresses certain ethical obligations related to the transmission and receipt, in the course of a legal representation, of electronic documents containing “metadata.” Metadata is the “data about data” that is commonly embedded in electronic documents and may include the date on which a document was created, its author(s), date(s) of revision, any review comments inserted into the document, and any redlined changes made in the document [note 1]. Specifically, this opinion addresses: 1) an attorney’s ethical obligation to protect metadata when disclosing documents; 2) an attorney’s ethical obligation when receiving another party’s documents in which metadata is readily accessible and has therefore been disclosed; and, 3) the ethical propriety of an attorney using special forensic software to recover – from another party’s documents – metadata that is not otherwise readily accessible through standard word processing software.
1. Lawyer A is preparing a written agreement to settle a lawsuit. The electronic document containing the agreement is circulated amongst attorneys in Lawyer A’s law firm for review and comment. In reviewing the agreement, the firm attorneys insert comments into the document about the terms of the agreement, as well as the factual and legal strengths and weaknesses of the client’s position. A preliminary draft of the agreement is finalized internally, and Lawyer A sends the agreement electronically, for review and approval, to Lawyer B, who represents the opposing party. Lawyer A does not “scrub” the metadata from the document containing the agreement before sending it to Lawyer B. Using standard word processing features, Lawyer B is therefore able to view the changes that were made to, and comments that were inserted into, the document by attorneys at Lawyer A’s firm (i.e., Lawyer B can readily access the metadata contained in the document).
2. Same facts as #1, except that shortly after opening the document and discovering the readily accessible metadata, Lawyer B receives an urgent email from Lawyer A stating that the metadata had been inadvertently disclosed and asking Lawyer B to immediately delete the document without reading it.
3. Same facts as #1, except that Lawyer A makes reasonable efforts to “scrub” the document and thereby eliminates any readily accessible metadata before sending the document to Lawyer B. Lawyer B possesses special forensic software designed to circumvent metadata removal tools and recover metadata Lawyer A believes has been “scrubbed” from the document. Lawyer B wants to use this software on Lawyer A’s document to determine if it contains any metadata that may be useful in representing his own client.
1. Lawyer A’s ethical obligations: Lawyer A has an ethical duty to “act competently” to protect from disclosure the confidential information that may be reflected in a document’s metadata, including making reasonable efforts to “scrub” metadata reflecting any protected information from the document before sending it electronically to Lawyer B. Rule of Professional Conduct (“RPC”) 1.6 (a) requires Lawyer A to “not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is [explicitly] permitted by paragraph (b)” of RPC 1.6 (emphasis added). This rule of confidentiality applies to “all information relating to the representation, whatever its source” and extends to disclosures that, although they may not “themselves reveal protected information …[,] could reasonably lead to the discovery of [confidential] information by a third person.” Comments 3 & 4 to RPC 1.6. Metadata embedded in electronic documents that reflects attorney-client communications, attorney work product and/or other confidential information related to a representation falls squarely within the protections of RPC 1.6 [note 2]. As such, a lawyer must “act competently” to safeguard such metadata “against inadvertent or unauthorized disclosure[.]” [note 3]. Comment 16 to RPC 1.6. Lawyer A, therefore, must make reasonable efforts to ensure that electronic metadata reflecting protected information is not disclosed in conjunction with the exchange of documents related to a representation – i.e., that it is not readily accessible to the receiving party. Lawyer A can do this by disclosing documents in formats that do not include metadata – e.g., in hard copy, via fax, or in Portable Document Format (“PDF”) created by mechanically scanning hard copies – or by “scrubbing” the metadata from electronic documents using software utilities designed for that purpose [note 4]. Note, however, that in the context of discovery production, where certain metadata may have evidentiary value, RPC 3.4(a) specifically prohibits a lawyer from “alter[ing], destroy[ing] or conceal[ing] a document or other material having potential evidentiary value[,]” or assisting another person in doing so [note 5].
Lawyer B’s ethical obligations: Upon discovery, Lawyer B has an ethical duty to “promptly notify” Lawyer A that the disclosed document contains readily accessible metadata. RPC 4.4(b) requires a “lawyer who receives a document relating to the representation of the lawyer’s client and knows or reasonably should know that the document was inadvertently sent … [to] promptly notify the sender.” For the purposes of the rule, “‘document’ includes e-mail or other electronic modes of transmission subject to being read or put in readable form.” Comment 2 to RPC 4.4. As metadata is embedded electronic documents – i.e., “electronic modes of transmission” – it falls within the protections RPC 4.4(b). Here, where the metadata disclosed by Lawyer A includes attorney work product otherwise protected in litigation, Lawyer B knows or reasonably should know the metadata was inadvertently disclosed. As such, Lawyer B’s duty to notify Lawyer A is triggered here.
2. Lawyer B’s ethical obligations: Under the ethical rules, Lawyer B is not required to refrain from reading the document, nor is Lawyer B required to return the document to Lawyer A. See Comments 2 & 3 to RPC 4.4. Lawyer B may, however, be under a legal duty separate and apart from the ethical rules to take additional steps with respect the document [note 6]. See id. If Lawyer B is not under such a separate legal duty, the “decision to voluntarily return such a document is a matter of professional judgment ordinarily reserved to the lawyer[,]” in consultation with the client. Comment 3 to RPC 4.4; see also RPC 1.4(a)(2) (requiring an attorney to “reasonably consult with the client about the means by which the client’s objectives are to be accomplished”).
3. Lawyer B’s ethical obligations: The ethical rules do not expressly prohibit Lawyer B from utilizing special forensic software to recover metadata that is not readily accessible or has otherwise been “scrubbed” from the document. Such efforts would, however, in the opinion of this committee, contravene the prohibition in RPC 4.4(a) against “us[ing] methods of obtaining evidence that violate the legal rights of [third persons]” and would constitute “conduct that is prejudicial to the administration of justice” in contravention of RPC 8.4(d). To the extent that efforts to mine metadata yield information that intrudes on the attorney-client relationship, such efforts would also violate the public policy of preserving confidentiality as the foundation of the attorney-client relationship. See RCW 5.60.060(2)(a), Dietz v. Doe, 131 Wn.2d 835, 842 (1997), and Comments 2 & 3 to RPC 1.6. As such, it is the opinion of this committee that the use of special software to recover, from electronic documents, metadata that is not readily accessible does violate the ethical rules.
1. See Joshua J. Poje, Metadata Ethics Opinions Around the U.S., American Bar Association,
available at: http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/metadatachart.html, last visited February 20, 2012. Note that Mr. Poje’s chart does not reflect the opinion recently issued by the Oregon State Bar Association, Formal Opinion No. 2011-187 (“Competency: Disclosure of Metadata”).
2. If the metadata reflects confidential information pertaining to a former client – as may occur when attorneys reuse template documents over time – it is protected by RPC 1.9(c)(2).
3. RPC 1.1, moreover, requires Lawyer A to provide competent representation to a client, which includes possessing “the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” The duty to competently represent a client includes the duty to possess, obtain or recruit sufficient skill to ensure that confidential information reflected in metadata is not inadvertently disclosed.
4. For a discussion of mechanical alternatives for protecting metadata in the disclosure process, see David Hricik and Chase Edward Scott, Metadata: The Ghosts Haunting e-Documents, Georgia Bar Journal, February 2008, available at: http://gabar.org/public/pdf/gbj/feb08.pdf, last visited February 22, 2012, and Jembaa Cole, When Invisible Ink Leaves Red Faces: Tactical, Legal and Ethical Consequences of the Failure to Remove Metadata, 1 Shidler J. L. Com. & Tech. 8 (Feb. 2, 2005), available at:
http://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/360/vol1_no2_art8.pdf?sequence=1, last visited February 20, 2012. As technology evolves, of course, what constitutes “competent” representation in this context necessarily evolves.
5. See also O’Neill v. City of Shoreline, 170 Wn.2d 138 (2010) (holding metadata is subject to disclosure pursuant to the Public Records Act).
6. See e.g., Fed. R. Civ. P. 26(b)(5)(B) and Washington State Superior Court Civil Rule (“CR”)
26(b)(6) (governing claims of privilege or protection for information produced in discovery), Fed. R. Civ. P. 45(d)(2)(B) and CR 45(d)(2)(B) (governing claims of privilege or protection for
information produced pursuant to subpoena), and Fed. R. Evid. 502(b) and Washington State Rule of Evidence 502(e) (governing claims of privilege or protection and waiver of same). Where the parties have entered into an agreement, such as a protective order, that addresses inadvertent disclosures, that agreement may also place additional obligations on the attorney in these circumstances.