NEW YORK STATE BAR ASSOCIATION
Emailing documents that may contain hidden date reflecting client confidences and secrets
Committee on Professional Ethics
Opinion #782 – 12/08/2004
Topic: E-mailing documents that may contain hidden data reflecting client confidences and secrets.
Digest: Lawyers must exercise reasonable care to prevent the disclosure of confidences and secrets contained in “metadata” in documents they transmit electronically to opposing counsel or other third parties.
Code: DR 1-102(A)(5), 4-101(B), (C), (D); EC 4-5.
DR 4-101(B) states that a lawyer shall not “knowingly” reveal a confidence or secret of a client. Does a lawyer who transmits documents that contain “metadata” reflecting client confidences or secrets violate DR 4-101(B)?
Word-processing software commonly used by lawyers, such as Microsoft Word and Corel WordPerfect, include features that permit recipients of documents transmitted by e-mail to view “metadata,” which may be loosely defined as data hidden in documents that is generated during the course of creating and editing such documents. It may include fragments of data from files that were previously deleted, overwritten or worked on simultaneously. Metadata may reveal the persons who worked on a document, the name of the organization in which it was created or worked on, information concerning prior versions of the document, recent revisions of the document, and comments inserted in the document in the drafting or editing process. The hidden text may reflect editorial comments, strategy considerations, legal issues raised by the client or the lawyer, legal advice provided by the lawyer, and other information. Not all of this information is a confidence or secret, but it may, in many circumstances, reveal information that is either privileged or the disclosure of which would be detrimental or embarrassing to the client. SeeDR 4-101. For example, a lawyer may transmit a document by e-mail to someone other than the client without realizing that the recipient is able to view prior edits and comments to the document that would be protected as privileged attorney-client communications. Or, more dramatically, a prosecutor using a cooperation agreement signed by one confidential witness may use the agreement as a template in drafting the agreement for another confidential witness. The second document’s metadata could contain the name of the original cooperating witness, and if e-mailed, could expose that witness to extreme risks.The Lawyer’s Code of Professional Responsibility (the “Code”) prohibits lawyers from “knowingly” revealing a client confidence or secret, DR 4-101(B)(1), except when permitted under one of five exceptions enumerated in DR 4-101(C). DR 4-101(D) states that a lawyer “shall exercise reasonable care to prevent his or her employees, associates, and others whose services are utilized by the lawyer from disclosing or using confidences or secrets of a client.” See also EC 4-5 (“Care should be exercised by a lawyer to prevent the disclosure of the confidences and secrets of one client to another”). Similarly, a lawyer who uses technology to communicate with clients must use reasonable care with respect to such communication, and therefore must assess the risks attendant to the use of that technology and determine if the mode of transmission is appropriate under the circumstances. SeeN.Y. State 709 (1998) (“an attorney must use reasonable care to protect confidences and secrets”); N.Y. City 94-11 (lawyer must take reasonable steps to secure client confidences or secrets).When a lawyer sends a document by e-mail, as with any other type of communication, a lawyer must exercise reasonable care to ensure that he or she does not inadvertently disclose his or her client’s confidential information. What constitutes reasonable care will vary with the circumstances, including the subject matter of the document, whether the document was based on a “template” used in another matter for another client, whether there have been multiple drafts of the document with comments from multiple sources, whether the client has commented on the document, and the identity of the intended recipients of the document. Reasonable care may, in some circumstances, call for the lawyer to stay abreast of technological advances and the potential risks in transmission in order to make an appropriate decision with respect to the mode of transmission. SeeN.Y. State 709 (1998).Lawyer-recipients also have an obligation not to exploit an inadvertent or unauthorized transmission of client confidences or secrets. In N.Y. State 749, we concluded that the use of computer technology to access client confidences and secrets revealed in metadata constitutes “an impermissible intrusion on the attorney-client relationship in violation of the Code.” N.Y. State 749 (2003). See alsoN.Y. State 700 (1997) (improper for a lawyer to exploit an unauthorized communication of confidential information because doing so would constitute conduct “involving dishonesty, fraud, deceit or misrepresentation” and “prejudicial to the administration of justice” in violation of DR 1-102(A)(4) and DR 1-102(A)(5), respectively).
Lawyers have a duty under DR 4-101 to use reasonable care when transmitting documents by e-mail to prevent the disclosure of metadata containing client confidences or secrets.