Metadata: Complying with Oregon Formal Opinion 2011-187


Published on

Published in: Business, Technology, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Welcome to Metadata: Complying with OSB Formal Opinion No. 2011-187
  • Our topics today include: Defining Metadata Understanding Your Ethical Duties Removing Metadata Final Thoughts
  • What is metadata? Basically, metadata is data about the data – when the file was created, who created it, where it is stored on the server And more…
  • Examples of metadata include: Path and File Name Author Date/Time Stamp Company or Firm Name
  • Inserted Text Document Versions Comments Headers and Footers
  • Tracked Changes Template Information Undo and Redo History Network or Server Name And the list goes on – Hidden Text Embedded objects or non-visible portions of embedded OLE objects Fast saves Other File properties Hyperlinks Initials Linked objects Matching font Personalized views Small font Summary details Styles For more information, see: – link to Metadata, Danger in Delight? From OSB Bulletin For an excellent technical article, see:
  • Ufile has metadata Word Processing Documents Spreadsheets Database Files Images Videos
  • Sound Files E-Mail Messages Zip Files PDFs Every Electronic File Of course the most critical are often word processing documents, since this is the type of document most often exchanged with opposing counsel, clients, etc.
  • So what are your ethical duties under newly issued Opinion 2011-187?
  • Your first ethical duty is to act competently. You have a duty to maintain a basic understanding of technology and The risks of revealing metadata OR…
  • If you don’t understanding the technology and the risks, you have a duty to obtain and utilize adequate technology support.
  • Your second duty is that of reasonable care - Use reasonable care to avoid the disclosure of confidential client information, particularly where the information could be detrimental to a client. Specifically, using reasonable care requires these steps: Prevent Inadvertent Disclosure Limit Nature of Metadata Limit Scope of Metadata
  • Reasonable care also requires: Controlling to whom the document is sent And Keeping up with technology \\ What constitutes reasonable care will change as technology evolves.
  • As to whether you can use metadata, opinion 2011-187 draws a distinction between metadata that was intentionally left in a document vs. metadata that was “inadvertently included”
  • If the receiving lawyer could reasonably conclude that metadata was intentionally left in a document, there is no duty to inform the sender of the presence of metadata and the receiving lawyer may use the metadata.
  • If the receiving lawyer knows or reasonably should know that metadata was inadvertently included -- Oregon RPC 4.4(b) requires notice to the sender. It does not require the receiving lawyer to return the document unread or to comply with a request by the sender to return the document.
  • So what are indicators that metadata may have intentionally been left in a document? The standard is whether you, as the receiving lawyer, could reasonably conclude that metadata was intentionally left. Not sure that would ever be the case – probably more likely that a sender had no clue the document had metadata. But in any case: If you receive a document in its native application, open it, and see tracked changes and comments when you weren’t expecting to see them (for example, when trading a redlined version of a document back and forth with opposing counsel), then you might be able to conclude the metadata was intentionally left
  • Probably the best indicator that any metadata included is inadvertent would be the fact that you received the document as a PDF (rather than its native format) and it had next to no metadata because of the PDF conversion.
  • The opinion also cautions that before deciding what to do with an inadvertently included metadata, the receiving lawyer should consult with the client about the risks of returning the document versus the risks of retaining and reading the document and its metadata.
  • Using Special Software to Reveal Metadata Searching for metadata using special software when it is apparent that the sender has made reasonable efforts to remove the metadata may be analogous to surreptitiously entering the other lawyer’s office to obtain client information and may constitute ‘conduct involving dishonesty, fraud, deceit, or misrepresentation.’ in violation of Oregon RPC 8.4(a)(3).
  • So how can you remove metadata? It can be done using word processing software, Acrobat, third-party removal tools, and there is also a “low tech method.”
  • In WordPerfect, select File Save Without Metadata….
  • WordPerfect gives you the option to remove all items listed.
  • In Word 2007 (and in other Microsoft Office products), you can inspect for and remove metadata: Click the Office button Choose Prepare Then Inspect Document
  • The document inspector appears, allowing you to search for the items listed above.
  • In Word 2010, steps are slight different: Click on File, UnderInfo, locate “Check for Issues – Prepare for Sharing” Select Inspect Document
  • Use Caution with Word 2007 or 2010: If you choose to inspect & remove “headers, footers, and watermarks” your headers & footers will be wiped out
  • Best practices for Word users: Copy the document FIRST “ Manually” review your headers and footers – including multiple sections – users often include file and pathname in footers Any watermarks present Follow the steps to Prepare and Inspect, but UNCHECK “headers, footers, and watermarks” You can read more about metadata removal in Word Help.
  • Another good idea in Word is to invoke trust center warnings (also available in Excel and PowerPoint): Click Microsoft Office Button Word Options Trust Center, then Trust Center Settings … Privacy Options Check this Box: (Warn before printing, saving, or sending a file that contains tracked changes or comments)
  • Even better – use PDF software In Acrobat 9, you can examine documents individually for metadata or set a preference to check everything. The steps are: Individual Documents in Acrobat Document > Examine Document… All Documents In Acrobat Edit > Preferences > Document > Examine Document When closing document When sending document by e-mail
  • In Acrobat X, select Tools, then Protection. You can “Remove Hidden Information” or “Sanitize Document.”
  • Use Remove Hidden Information when you want to pick and choose the metadata to be removed. Select Tools > Protection > Remove Hidden Information. Acrobat generates a list of results showing metadata in the document. If you DO NOT WANT something removed, then uncheck it from the list. Use Edit >Preferences > Documents > Hidden Information to set preferences to remove hidden information when closing a document or sending by e-mail.
  • Use Tools > Protection > Sanitize Document to wipe out everything. Remember – it is a good practice (just as with Word, to make a COPY FIRST, before removing metadata.
  • There are also Third party metadata removal tools, including: Payne Group Metadata assistant BEC Legal’s Meta Reveal Rapid Redact from (also metadata removal) Note: No Mac version from Payne – not sure about others
  • Best Practice – Always send files as PDFs whenever possible (no reason not to with word processing docs). Convert directly into PDF from your word prdocessing software Or if you want PDF creation software - Both Acrobat and Nuance offer PC and MAC versions Nuance – only professional and enterprise versions have metadata removal tools (doesn’t appear to be as robust as Acrobat) Both Acrobat Standard and Acrobat Pro have metadata inspection/removal:
  • Learn more about using Acrobat in the law office by visiting Rick Borstein’s blog
  • And finally, a Low Tech way to eliminate Metadata? Print and scan to PDF
  • Read the opinion, including the foonotes. For example: Footnote 3 – discusses the issue of spoliation for evidentiary purposes – specifically stating “A discussion of whether removal of metadata constitutes illegal tampering is beyond the scope of this opinion.” Footnote 8 – points out that “Although not required, the parties could agree, at the beginning of a transaction, not to review metadata as a condition of conducting negotiations.” If you’re struggling with reasonable care and what is or isn’t inadvertently included metadata, the opinion delves into this: The duty to use reasonable care so as not to reveal confidential information through metadata may be best illustrated by way of analogy to paper documents. For instance, a lawyer may send a draft of a document to opposing counsel through regular mail and inadvertently include a sheet of notes torn from a yellow legal pad identifying the revisions to the document. Another lawyer may print out a draft of the document marked up with the same changes as described on the yellow notepad instead of a “clean” copy and mail it to opposing counsel. In both situations, the lawyer has a duty to exercise reasonable care not to include notes about the revisions (the metadata) if it could prejudice the lawyer’s client in the matter Lawyer’s Use of Received Metadata If a lawyer who receives a document knows or should have known it was inadvertently sent, the lawyer must notify the sender promptly. Oregon RPC 4.4(b). Using the examples above, in the first instance the receiving lawyer may reasonably conclude that the yellow pad notes were inadvertently sent, as it is not common practice to include such notes with document drafts. In the second instance, however, it is not so clear that the “redline” draft was inadvertently sent, as it is not uncommon for lawyers to share marked-up drafts. Given the sending lawyer’s duty to exercise reasonable care in regards to metadata, the receiving lawyer could reasonably conclude that the metadata was intentionally left in. In that situation, there is no duty under Oregon RPC 4.4(b) to notify the sender of the presence of metadata. If in doubt: Call Bar Counsel 1-800-452-8260 Specific contact information: Helen Hierschbiel, General Counsel 503-620-0222 ext. 361 [email_address]
  • Questions?
  • Contact Us – remember our services are free and confidential
  • Metadata: Complying with Oregon Formal Opinion 2011-187

    1. 1. Metadata: Complying with Oregon Formal Opinion 2011-187 Beverly Michaelis Sheila Blackford Dee Crocker Practice Management Advisors Professional Liability Fund
    2. 2. Topics <ul><li>Defining Metadata </li></ul><ul><li>Understanding Your Ethical Duties </li></ul><ul><li>Removing Metadata </li></ul><ul><li>Final Thoughts </li></ul>
    3. 3. Defining Metadata
    4. 4. <ul><li>Path and File Name </li></ul><ul><li>Author </li></ul><ul><li>Date and Time Stamp </li></ul><ul><li>Company or Firm Name </li></ul>Examples of Metadata
    5. 5. <ul><li>Inserted Text </li></ul><ul><li>Document Versions </li></ul><ul><li>Comments </li></ul><ul><li>Headers and Footers </li></ul>Examples of Metadata
    6. 6. <ul><li>Tracked Changes </li></ul><ul><li>Template Information </li></ul><ul><li>Undo and Redo History </li></ul><ul><li>Network or Server Name </li></ul><ul><li> </li></ul><ul><li> </li></ul>Examples of Metadata
    7. 7. All File Types Are Affected <ul><li>Word Processing Documents </li></ul><ul><li>Spreadsheets </li></ul><ul><li>Database Files </li></ul><ul><li>Images </li></ul><ul><li>Videos </li></ul>
    8. 8. All File Types Are Affected <ul><li>Sound Files </li></ul><ul><li>E-Mail Messages </li></ul><ul><li>Zip Files </li></ul><ul><li>PDFs </li></ul><ul><li>Every Electronic File </li></ul>
    9. 9. Understanding Your Ethical Duties
    10. 10. Act Competently <ul><li>Basic Understanding of Technology and </li></ul><ul><li>Risks of Revealing Metadata </li></ul>
    11. 11. Act Competently <ul><li>Obtain and Utilize Adequate Technological Support </li></ul>
    12. 12. Use Reasonable Care <ul><li>Prevent Inadvertent Disclosure </li></ul><ul><li>Limit Nature of Metadata </li></ul><ul><li>Limit Scope of Metadata </li></ul>
    13. 13. Use Reasonable Care <ul><li>Control Recipients </li></ul><ul><li>Keep Up! </li></ul>
    14. 14. Using Metadata <ul><li>Was it Intentionally Left? </li></ul><ul><li>Or Inadvertently Included? </li></ul>
    15. 15. Intentionally Left <ul><li>No Duty to Inform </li></ul><ul><li>Metadata Can Be Used </li></ul>
    16. 16. Inadvertently Included <ul><li>Must Inform Sender </li></ul><ul><li>No Requirement to Return </li></ul><ul><li>Recipient May Read </li></ul>
    17. 17. Indicators of Intention? <ul><li>Sent in Native Application </li></ul><ul><li>Tracked Changes Visible </li></ul><ul><li>Comments Visible </li></ul><ul><li>File Properties Apparent </li></ul>
    18. 18. The Best Indicator Metadata is Inadvertent?
    19. 19. Duty to Consult
    20. 20. Conduct Involving Dishonesty Metadata Detection Software
    21. 21. Removing Metadata <ul><li>Word Processing Software </li></ul><ul><li>Acrobat </li></ul><ul><li>Third Party Tools </li></ul><ul><li>Low Tech </li></ul>
    22. 22. WordPerfect <ul><li>File </li></ul><ul><li>Save Without Metadata… </li></ul>
    23. 23. WordPerfect Options
    24. 24. Word 2007 <ul><li>Click the Microsoft Office Button </li></ul><ul><li>Choose Prepare </li></ul><ul><li>Inspect Document </li></ul>
    25. 25. Document Inspector Options
    26. 26. Word 2010
    27. 27. Caution!
    28. 28. Best Practices for Word <ul><li>Copy Document </li></ul><ul><li>Headers? Footers? Watermarks? </li></ul><ul><li>Uncheck </li></ul><ul><li>Read More in Word Help </li></ul>
    29. 29. Invoke Warnings in Word <ul><li>Click Microsoft Office Button </li></ul><ul><li>Word Options </li></ul><ul><li>Trust Center, then Trust Center Settings … </li></ul><ul><li>Privacy Options </li></ul><ul><li>Check this Box: </li></ul>
    30. 30. Acrobat 9 Individual Documents in Acrobat Document > Examine Document… <ul><li>All Documents In Acrobat </li></ul><ul><li>Edit > Preferences > Document > Examine Document </li></ul><ul><ul><li>When closing document </li></ul></ul><ul><ul><li>When sending document by e-mail </li></ul></ul>
    31. 31. Acrobat X <ul><li>Remove Hidden Information … or </li></ul><ul><li>Sanitize Document </li></ul>Tools > Protection
    32. 32. <ul><li>Select Objects to be Removed </li></ul><ul><li>Use Edit >Preferences > Documents </li></ul>Acrobat Remove Hidden Information
    33. 33. Acrobat Sanitize Document
    34. 34. Third Party Metadata Removal
    35. 35. Best Practice Always Send Documents as PDFs
    36. 36. Learn More <ul><li>Acrobat for Legal Professionals Blog: </li></ul><ul><li> Posts on Document Sanitization: </li></ul>
    37. 37. <ul><li>Print </li></ul><ul><li>Scan </li></ul><ul><li>Save as PDF </li></ul>Low Tech Option
    38. 38. <ul><li>Read the Opinion </li></ul><ul><li>Footnote 3 – Spoliation </li></ul><ul><li>Footnote 8 – Parties Could Agree Not to Review Metadata </li></ul><ul><li>See Discussions </li></ul>Final Thoughts
    39. 40. Contact Us Beverly Michaelis [email_address] Sheila Blackford [email_address] Dee Crocker [email_address] PLF Practice Management Advisors 503-639-6911 - 800-452-1639 and confidential