The days of attorneys working on different drafts of agreements or other legal documents when representing opposing clients, are long gone. Nowadays, Attorney A will prepare and send a first draft to Attorney B, who will take instructions from client and make changes. Attorney A on its turn will confirm the changes with its client and so it will go on until the parties finally reach agreement and the final document is produced.Technology has made or lives so much easier. Or has it?
The majority of attorneys probably have access to email facilities and indeed use technology and email to draft legal documents and send them to clients, counsel, and opposing attorneys. But, the majority of attorneys using these facilities probably do not know that the document as they see it on their computer or email, is not the beginning and the end of the document. Metadata is often not taken into consideration – it is forgotten. If you are wondering what metadata is, you better continue reading.
Metadata is often not taken into consideration – it is forgotten.
Definitions of metadata include:
- “Data about data. Metadata describes how and when and by whom a particular set of data was collected, and how the data is formatted.” (Webopedia);
- “Data about other data, of any sort in any media. Metadata is definitional data that provides information about or documentation of other data managed within an application or environment.” (Wikipedia).
For purposes of this discussion we can say that metadata is information about data in an electronic document that is not available on the face of reading the document, but is hidden and can indeed be found if you know the right methods to get to that hidden information. It includes for example the author’s identity, the last time he worked on the document, comments made by and to the author that has since been deleted, earlier versions of the document, recent changes made to the document and much more. To give just one practical example, vital information or comments between you and your client may indeed be traced by the opposing attorney, if you don’t take the necessary precautions. This can be detrimental to your client.
This brings us to the question – what are your duties as an attorney regards metadata. Can you be expected to examine each electronic document sent by your office to ensure that important hidden information is not disclosed? And seen from the other side, may you or may you not look for vital hidden information in an electronic document received from an opposing attorney or counsel?
A recent article by Jim Calloway, Metadata – what is it and what are my ethical duties addressed this very same issue from an USA perspective. It seems that in the United States of America, different institutions have adopted different approaches. To summarise a few discussed in Calloway’s article:
- The New York State Bar: “a lawyer must exercise reasonable care to ensure that he or she does not inadvertently disclose his or her client’s confidential information.”
- The Florida Board of Governors: “metadata mining is something lawyers should not do.”
- The American Bar Association: “nothing in the Rules of professional conduct contained any specific prohibition against a lawyer’s reviewing and using embedded information in electronic documents”.
- The Florida Commission on Ethics : “a lawyer who is sending an electronic document should take care to ensure the confidentiality of all information contained in the document, including metadata.” and “a recipient lawyer should not examine a document for metadata.”
- Alabama State Bar Ethics opinion: “an attorney has an ethical duty to exercise reasonable care when transmitting electronic documents to ensure that he or she does not disclose his or her client’s secrets and confidences…. Just as a sending lawyer has an ethical obligation to reasonably protect the confidences of a client, the receiving lawyer also has an ethical obligation to refrain from mining an electronic document.”
- The District of Columbia Bar opinion: “A receiving lawyer is prohibited from reviewing metadata sent by an adversary only where he has actual knowledge that the metadata was inadvertently sent. In such instances, the receiving lawyer should not review the metadata”.
- Maryland State Bar Ethics Docket: “there is no ethical violation if the recipient attorney (or those working under the attorney’s direction) reviews or makes use of the metadata without first ascertaining whether the sender intended to include such metadata.”
- Pennsylvania Bar Association opinion: “it would be difficult to establish a rule applicable in all circumstances and that consequently the final determination of how to address the inadvertent disclosure of metadata should be left to the individual attorney and his or her analysis of the applicable facts.”
- State Bar of Arizona opinion: “a lawyer who receives a document and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender and preserve the status quo for a reasonable period of time in order to permit the sender to take protective measures.”
It follows that some hold the view that there is a duty on lawyers not to disclose confidential information and not to mine for hidden data in documents received, while others feel that there is no such duty.
South African position
What is the position in South Africa? In South Africa, professional misconduct by attorneys can include a:
- contravention of law society rules;
- contravention of the Attorneys Act 53 of 1978; or
- criminal offence by the attorney.
The different law societies that operate in the different provinces make their own rules applicable to members in their provinces. The rules dealing with unprofessional and dishonourable conduct in general prohibit touting (soliciting work), allowing unqualified persons to charge professional fees for work which only attorneys can perform, the sharing of offices with non-practicing persons, and failure to co-operate with the law society.
If one looks at the Cape Law Society Rules (where I practice), Rule 14 that deals with Professional Conduct, determines inter alia that members “shall at all times:
- maintain the highest standards of honesty and integrity;
- maintain confidentiality regarding the affairs of present or former clients, unless otherwise required by law;
- behave towards their colleagues, including any legal practitioner from a foreign jurisdiction, with integrity, fairness and respect;
- refrain from doing anything which could or might bring the attorneys’ profession into disrepute”.
“the lawyer is bound to act with the utmost honour and fairness with regard to his client for whom he is bound to use his utmost skill but not to degrade himself for the purpose of winning his client’s case.” and
Currently, there is no case law dealing with the issue of metadata in the context of attorneys’ duties. The case law dealing with unprofessional conduct is mainly focused on the fields of conveyancing, touting, and sharing of fees. Can it be expected from an attorney
- to ensure that no metadata that could be detrimental to its client case be disclosed to a third party or
- not to mine for hidden information or
- to disclose to opponents that confidential information got to its knowledge through ways of metadata?
This is yet to be answered by our courts.
What I can say is that on a proper reading of Rule 14 above, it is clear that it is at least possible that 1,2 or 3 may be seen to be a breach of the rules dealing with professional conduct. Most certainly to forward confidential information exchanged between attorney and client to the opposing attorney could amount to “not maintaining confidentiality regarding affairs of clients“; or to mine for metadata could probably be seen “not to be behaving towards colleagues with integrity and fairness“. Is it worth taking the chance? Definitely not. Over and above possible contravention of the law society rules, it could be detrimental to your practice if it becomes known that confidential client information or instructions leaked out through negligence in the handling of metadata. It could cost both your client and you dearly.
We therefore suggest that you implement policies and procedures to ensure that all your staff knows how to:
- deal with metadata before digital documents get sent;
- treat metadata on incoming documents.