Blog / Beware the metadata hiding in your files


16 May 2019

Your files are secretly full of it. Metadata – data about data – is often embedded in the electronic file itself. Therefore, if you are sharing files with clients, it is vital to understand how you might inadvertently be sharing metadata with them too.

Take back control of what you share

When stored internally, the metadata travels with the data to which it relates. As a result, when a copy of an electronic file is made, the internal metadata associated with the original file is included as well. If you’re sending files to clients, this could be a major nuisance – for example, they could uncover a wealth of confidential information hidden behind the scenes in a comments section that was originally only meant for internal use.

Whether you are sending out deal documents that are undergoing numerous rounds of revision between parties or forwarding confidential files to a client, you should ensure that all metadata is scrubbed or removed. This includes data such as total editing time, comments and anything else never intended to live beyond the draft stage, just in case anything incriminating ever falls into the wrong hands.

Various metadata scrubbing plug-ins are available; but if you don’t have these, then converting a Word, PowerPoint or Excel file into a PDF is an excellent way of erasing any metadata traces. Most PDF converters, such as Adobe, have a feature that allows you to eliminate metadata and annotations from an open PDF document.

US state bar associations weigh in

Is it dishonest to look for metadata in a document exchanged between counsel? US state bar associations are divided in their approaches.

On one hand, the state bar of New York concluded that conducting a purposeful search for metadata is unethical. The New York State Bar Association emphasised that "it is a deliberate act by the receiving lawyer, not carelessness on the part of the sending lawyer, that would lead to the disclosure of client confidences and secrets" in the embedded data.

However, the Maryland State Bar Association found nothing unethical with deliberately mining documents sent by opposing counsel outside the context of discovery for metadata.

While there are variations depending on each jurisdiction, many state bars agree that it would be a breach of ethics only if the metadata had been sent inadvertently, and that it is the lawyer’s duty to notify the sender. On the other hand, it must be stressed that a lawyer can still actively "mine" a document for metadata and acquire confidential and privileged information.

In light of this, it appears that the greater the significance of the information and the clearer it is that the information was sent by mistake, the more likely it is that it is unethical not to notify the sender of the presence of embedded data.

Best practice

To avoid issues, best practice for firms is to ensure that metadata is stripped before documents are sent out. Don’t get caught out sharing information you wanted to keep confidential!

But don’t despair; metadata isn’t all bad. There is no right amount of metadata. Too little and you leave your content unsupported – making it difficult for readers to navigate from different content articles, especially if the reader wants to read more of what your firm is writing about.

However, metadata can be beneficial when it comes to organising content on your firm’s website – why not assign content-related tags so that your content is read by the right audience? Even better, making your website searchable by those tags; a great way to improve your site’s navigation to your audience and enhance their online experience.