It’s vital to regularly review how technology and your risks evolve.
How well are you managing your metadata risk?
Ethics and Metadata:
What Law Firms Need to Understand
DAVE KINSEY, PRESIDENT – TOTAL NETWORKS
STEPHANIE KINSEY, CEO/CFO – TOTAL NETWORKS
Metadata is information (data) that describes your data. Unfortunately, much of this metadata is “hidden”
and easily overlooked.
Metadata may include:
n Original Author: perhaps many
n Location of a Photo: automatically
captured by a phone GPS.
n History of email routing, including
timestamps, IP addresses.
n Email From/ To, Dates, Subject,
n Edit History: Track Changes,
AZ Ethics Opinion 07-03
From a preventative standpoint, opinion
07-03 advises lawyers must “take reasonable precautions to prevent the information (metadata) from coming into
the hands of unintended recipients”. The
opinion provides data scrubbing procedures and recommends metadata management software as well as informed
client consent in forgoing the use of this
ABA 477R & Technology Evolution
In May of this year, the ABA, in Formal
Opinion 477R (Securing Communication
of Protected Client Information) again
underscored the importance of keeping
up with technology. Some questions you
might consider when reviewing your
policies, procedures & training schedule:
n Have changes in areas of law,
contemplated. Litigation practices
are generally at highest risk of
inadvertent metadata disclosure.
n Do your policies and procedures
adequately address risks associated
Comments? Other metadata risks?
n Have the risks of the use of bcc
(blind carbon copy) in sending
emails been addressed?
n Do you have metadata management
software in place?
m Is it actively running/working?
m;Have you evaluated newer
approaches & technologies
to better manage the risk?
Bare Minimum Recommendation
Microsoft;Office;has;a;Metadata;warn-ing system which can alert you before
you save, print and in certain instances
email a document that it contains metadata. It is not enabled by default, but it
is;recommended;that;all;law;firms;con-sider enabling this feature throughout
There are more comprehensive approaches, but this basic warning feature
and protect sensitive metadata. It is a
simple and free starting point. However, due to technology advances, more
comprehensive approaches are now far
Older metadata management software
generally installs onto PCs and integrates with Microsoft Office, via Out-look;“add-ins”;in;particular.;Significant
challenges exist with this approach.
First, Outlook add-ins are one of the primary causes of Outlook crashes.
While the crashes themselves are a
problem, the more crucial challenge is
what happens in the aftermath of an
Outlook crash. After an Outlook crash,
up in “safe mode”. Outlook does this
because it wants to ensure you have a
good, stable experience and disabling
the add-in that was involved in the Out-
look crash can help accomplish this re-
sult. However, if you are counting on that
add-in to prevent inadvertent metadata
disclosure, safe mode will disable the
very software that you need. If you need
that add-in, then safe mode really means
Modern approaches no longer require Outlook add-ins and avoid these
challenges altogether. For example, you
may have your email system automatically review and scrub all metadata on
groups – such as an “opposing counsel”
group. For any email sent to “opposing
counsel”, you might not only have attachments stripped of all metadata, but
actually converted into PDF.
You may have another group, “
co-counsel”, where emails are unaltered.
You might have a default group where
you remove metadata by default, but do
not convert to PDF. You might allow the
ability to override default behaviors by
a special keyword in the email subject
or other means. These are sample work-flow;ideas;;many;workflow;options;are
available in modern approaches to fit
Once again, a regular review schedule
for risk management and technology
management is the key. Metadata management is just one of many risk items
that might be included in your technology management review and planning
Contact us at 602-412-5025 to answer specific questions or if
you are a legal expert in this area and are willing to share your
thoughts. As a non-lawyer member of the technology committee
of the State Bar of Arizona, and as a member of the Phoenix
legal community, Dave routinely collaborates with lawyer
experts for CLEs, and welcomes all overtures for collaboration.