Welcome to Metadata: Complying with OSB Formal Opinion No. 2011-187
Our topics today include: Defining Metadata Understanding Your Ethical Duties Removing Metadata Final Thoughts
What is metadata? Basically, metadata is data about the data – when the file was created, who created it, where it is stored on the server And more…
Examples of metadata include: Path and File Name Author Date/Time Stamp Company or Firm Name
Inserted Text Document Versions Comments Headers and Footers
Tracked Changes Template Information Undo and Redo History Network or Server Name And the list goes on – Hidden Text Embedded objects or non-visible portions of embedded OLE objects Fast saves Other File properties Hyperlinks Initials Linked objects Matching font Personalized views Small font Summary details Styles For more information, see: http://bit.ly/voJOnR – link to Metadata, Danger in Delight? From OSB Bulletin For an excellent technical article, see: http://bit.ly/voJOnR
Ufile has metadata Word Processing Documents Spreadsheets Database Files Images Videos
Sound Files E-Mail Messages Zip Files PDFs Every Electronic File Of course the most critical are often word processing documents, since this is the type of document most often exchanged with opposing counsel, clients, etc.
So what are your ethical duties under newly issued Opinion 2011-187?
Your first ethical duty is to act competently. You have a duty to maintain a basic understanding of technology and The risks of revealing metadata OR…
If you don’t understanding the technology and the risks, you have a duty to obtain and utilize adequate technology support.
Your second duty is that of reasonable care - Use reasonable care to avoid the disclosure of confidential client information, particularly where the information could be detrimental to a client. Specifically, using reasonable care requires these steps: Prevent Inadvertent Disclosure Limit Nature of Metadata Limit Scope of Metadata
Reasonable care also requires: Controlling to whom the document is sent And Keeping up with technology \\ What constitutes reasonable care will change as technology evolves.
As to whether you can use metadata, opinion 2011-187 draws a distinction between metadata that was intentionally left in a document vs. metadata that was “inadvertently included”
If the receiving lawyer could reasonably conclude that metadata was intentionally left in a document, there is no duty to inform the sender of the presence of metadata and the receiving lawyer may use the metadata.
If the receiving lawyer knows or reasonably should know that metadata was inadvertently included -- Oregon RPC 4.4(b) requires notice to the sender. It does not require the receiving lawyer to return the document unread or to comply with a request by the sender to return the document.
So what are indicators that metadata may have intentionally been left in a document? The standard is whether you, as the receiving lawyer, could reasonably conclude that metadata was intentionally left. Not sure that would ever be the case – probably more likely that a sender had no clue the document had metadata. But in any case: If you receive a document in its native application, open it, and see tracked changes and comments when you weren’t expecting to see them (for example, when trading a redlined version of a document back and forth with opposing counsel), then you might be able to conclude the metadata was intentionally left
Probably the best indicator that any metadata included is inadvertent would be the fact that you received the document as a PDF (rather than its native format) and it had next to no metadata because of the PDF conversion.
The opinion also cautions that before deciding what to do with an inadvertently included metadata, the receiving lawyer should consult with the client about the risks of returning the document versus the risks of retaining and reading the document and its metadata.
Using Special Software to Reveal Metadata Searching for metadata using special software when it is apparent that the sender has made reasonable efforts to remove the metadata may be analogous to surreptitiously entering the other lawyer’s office to obtain client information and may constitute ‘conduct involving dishonesty, fraud, deceit, or misrepresentation.’ in violation of Oregon RPC 8.4(a)(3).
So how can you remove metadata? It can be done using word processing software, Acrobat, third-party removal tools, and there is also a “low tech method.”
In WordPerfect, select File Save Without Metadata….
WordPerfect gives you the option to remove all items listed.
In Word 2007 (and in other Microsoft Office products), you can inspect for and remove metadata: Click the Office button Choose Prepare Then Inspect Document
The document inspector appears, allowing you to search for the items listed above.
In Word 2010, steps are slight different: Click on File, UnderInfo, locate “Check for Issues – Prepare for Sharing” Select Inspect Document
Use Caution with Word 2007 or 2010: If you choose to inspect & remove “headers, footers, and watermarks” your headers & footers will be wiped out
Best practices for Word users: Copy the document FIRST “ Manually” review your headers and footers – including multiple sections – users often include file and pathname in footers Any watermarks present Follow the steps to Prepare and Inspect, but UNCHECK “headers, footers, and watermarks” You can read more about metadata removal in Word Help.
Another good idea in Word is to invoke trust center warnings (also available in Excel and PowerPoint): Click Microsoft Office Button Word Options Trust Center, then Trust Center Settings … Privacy Options Check this Box: (Warn before printing, saving, or sending a file that contains tracked changes or comments)
Even better – use PDF software In Acrobat 9, you can examine documents individually for metadata or set a preference to check everything. The steps are: Individual Documents in Acrobat Document > Examine Document… All Documents In Acrobat Edit > Preferences > Document > Examine Document When closing document When sending document by e-mail
In Acrobat X, select Tools, then Protection. You can “Remove Hidden Information” or “Sanitize Document.”
Use Remove Hidden Information when you want to pick and choose the metadata to be removed. Select Tools > Protection > Remove Hidden Information. Acrobat generates a list of results showing metadata in the document. If you DO NOT WANT something removed, then uncheck it from the list. Use Edit >Preferences > Documents > Hidden Information to set preferences to remove hidden information when closing a document or sending by e-mail.
Use Tools > Protection > Sanitize Document to wipe out everything. Remember – it is a good practice (just as with Word, to make a COPY FIRST, before removing metadata.
There are also Third party metadata removal tools, including: Payne Group Metadata assistant BEC Legal’s Meta Reveal Rapid Redact from rapidredact.com (also metadata removal) Note: No Mac version from Payne – not sure about others
Best Practice – Always send files as PDFs whenever possible (no reason not to with word processing docs). Convert directly into PDF from your word prdocessing software Or if you want PDF creation software - Both Acrobat and Nuance offer PC and MAC versions Nuance – only professional and enterprise versions have metadata removal tools (doesn’t appear to be as robust as Acrobat) Both Acrobat Standard and Acrobat Pro have metadata inspection/removal: http://www.adobe.com/products/acrobat/matrix.html
Learn more about using Acrobat in the law office by visiting Rick Borstein’s blog
And finally, a Low Tech way to eliminate Metadata? Print and scan to PDF
Read the opinion, including the foonotes. For example: Footnote 3 – discusses the issue of spoliation for evidentiary purposes – specifically stating “A discussion of whether removal of metadata constitutes illegal tampering is beyond the scope of this opinion.” Footnote 8 – points out that “Although not required, the parties could agree, at the beginning of a transaction, not to review metadata as a condition of conducting negotiations.” If you’re struggling with reasonable care and what is or isn’t inadvertently included metadata, the opinion delves into this: The duty to use reasonable care so as not to reveal confidential information through metadata may be best illustrated by way of analogy to paper documents. For instance, a lawyer may send a draft of a document to opposing counsel through regular mail and inadvertently include a sheet of notes torn from a yellow legal pad identifying the revisions to the document. Another lawyer may print out a draft of the document marked up with the same changes as described on the yellow notepad instead of a “clean” copy and mail it to opposing counsel. In both situations, the lawyer has a duty to exercise reasonable care not to include notes about the revisions (the metadata) if it could prejudice the lawyer’s client in the matter Lawyer’s Use of Received Metadata If a lawyer who receives a document knows or should have known it was inadvertently sent, the lawyer must notify the sender promptly. Oregon RPC 4.4(b). Using the examples above, in the first instance the receiving lawyer may reasonably conclude that the yellow pad notes were inadvertently sent, as it is not common practice to include such notes with document drafts. In the second instance, however, it is not so clear that the “redline” draft was inadvertently sent, as it is not uncommon for lawyers to share marked-up drafts. Given the sending lawyer’s duty to exercise reasonable care in regards to metadata, the receiving lawyer could reasonably conclude that the metadata was intentionally left in. In that situation, there is no duty under Oregon RPC 4.4(b) to notify the sender of the presence of metadata. If in doubt: Call Bar Counsel 1-800-452-8260 Specific contact information: Helen Hierschbiel, General Counsel 503-620-0222 ext. 361 [email_address]
Contact Us – remember our services are free and confidential
Metadata: Complying with Oregon Formal Opinion 2011-187
Metadata: Complying with Oregon Formal Opinion 2011-187 Beverly Michaelis Sheila Blackford Dee Crocker Practice Management Advisors Professional Liability Fund
<ul><li>Path and File Name </li></ul><ul><li>Author </li></ul><ul><li>Date and Time Stamp </li></ul><ul><li>Company or Firm Name </li></ul>Examples of Metadata
<ul><li>Inserted Text </li></ul><ul><li>Document Versions </li></ul><ul><li>Comments </li></ul><ul><li>Headers and Footers </li></ul>Examples of Metadata
<ul><li>Tracked Changes </li></ul><ul><li>Template Information </li></ul><ul><li>Undo and Redo History </li></ul><ul><li>Network or Server Name </li></ul><ul><li>http://bit.ly/voJOnR </li></ul><ul><li>http://bit.ly/uxhJgW </li></ul>Examples of Metadata
All File Types Are Affected <ul><li>Word Processing Documents </li></ul><ul><li>Spreadsheets </li></ul><ul><li>Database Files </li></ul><ul><li>Images </li></ul><ul><li>Videos </li></ul>
All File Types Are Affected <ul><li>Sound Files </li></ul><ul><li>E-Mail Messages </li></ul><ul><li>Zip Files </li></ul><ul><li>PDFs </li></ul><ul><li>Every Electronic File </li></ul>
Best Practices for Word <ul><li>Copy Document </li></ul><ul><li>Headers? Footers? Watermarks? </li></ul><ul><li>Uncheck </li></ul><ul><li>Read More in Word Help </li></ul>
Invoke Warnings in Word <ul><li>Click Microsoft Office Button </li></ul><ul><li>Word Options </li></ul><ul><li>Trust Center, then Trust Center Settings … </li></ul><ul><li>Privacy Options </li></ul><ul><li>Check this Box: </li></ul>
Learn More <ul><li>Acrobat for Legal Professionals Blog: </li></ul><ul><li>http://blogs.adobe.com/acrolaw/ Posts on Document Sanitization: http://blogs.adobe.com/acrolaw/2011/06/code-obfuscation-for-patent-and-court-filings/ </li></ul>
<ul><li>Print </li></ul><ul><li>Scan </li></ul><ul><li>Save as PDF </li></ul>Low Tech Option
<ul><li>Read the Opinion http://www.osbar.org/_docs/ethics/2011-187.pdf </li></ul><ul><li>Footnote 3 – Spoliation </li></ul><ul><li>Footnote 8 – Parties Could Agree Not to Review Metadata </li></ul><ul><li>See Discussions </li></ul>Final Thoughts
Contact Us Beverly Michaelis [email_address] Sheila Blackford [email_address] Dee Crocker [email_address] PLF Practice Management Advisors www.osbplf.org 503-639-6911 - 800-452-1639 and confidential