Metadata: To Scrub or Not To Scrub

February 01, 2008

Robert Brownstone, Law and Technology Director at Fenwick & West, recently wrote an article published in California Bar Journal, the official publication of The State Bar of California.

Brownstone cautions against the hidden dangers of electronic document metadata or data about data. In the legal and Information Technology (IT) worlds, the term "metadata," generally refers to information describing the history, tracking or management of an electronic document. It may fall into three categories: file system, email, and document or embedded data. Brownstone offers relevant examples of how each type of metadata has the potential to cause unintended problems in the future.

File system metadata, for example, tracks authorship and modifications of electronic files. If lawyers fail to remove certain metadata, they may inadvertently divulge another client's name. Email metadata, a sub-category of file system metadata, may offer additional insight into a sender's domain and the route a message has traveled. Document or embedded data is the most complex and may be the most dangerous, as individuals are often unaware that certain embedded content still exists in the file. Examples include revision changes, such as the "track changes" function in Microsoft Word, text in white font, and text in trailers. When exposed these metadata may reveal confidential information and could even lead to a breach of attorney-client privilege.

Lawyers must be aware of the implicit legal, procedural, technological and ethical obligations of metadata. Metadata mishaps may be avoided with Brownstone's "Three E's": Establish, Educate, and Enforce. Firms should create overall information management policies, appropriately train employees, and deploy requisite software, such as a document scrubbing program. These basic steps protect sensitive information and are necessary to avoid the hidden dangers of metadata.