State Bar of Arizona Ethics Opinions
07-03: Confidentiality; Electronic Communications; Inadvertent Disclosure
While modern electronic communications are often greatly beneficial to the client, lawyers who use them to send or receive documents or other communications on behalf of clients must be aware that they carry certain risks. Lawyers must take reasonable precautions to prevent inadvertent disclosure of confidential information.
Except in the specific circumstances described in this opinion, a lawyer who receives an electronic communication may not examine it for the purpose of discovering the metadata embedded in it.
This opinion addresses the ethical duties of lawyers who send and receive electronic communications. Such communications may contain metadata. Metadata is information describing the document’s history, tracking, and management. Metadata may also include hidden information, such as track changes, comments, and other information. By “mining” the metadata in a document, it may be possible to identify the author of the document, the changes made to the document during the various stages of its preparation and revision, comments made by the persons who prepared or reviewed the document, and other documents embedded within the document.
For example, a lawyer who is preparing a document may electronically circulate the document in draft form among other lawyers in the firm for their review and comment. The other lawyers may insert their suggested revisions and other comments, some of which might address the strengths and weaknesses of the client’s position. If the final version of the document is electronically transmitted to opposing counsel, it may be possible for opposing counsel to discover the comments.
The sender of the document may not be aware of the metadata embedded within the document or that it remains in the electronic document despite the sender’s good faith belief that it was “deleted.” In most cases, metadata is inconsequential or otherwise known to the recipient of the document. In some situations, though, the metadata in the electronic document may permit the recipient of the document to obtain information that is confidential or privileged from disclosure. Given the importance of this subject matter, the Committee has determined that it is appropriate to issue a sua sponte opinion for the guidance of lawyers in Arizona.
1. If a lawyer sends an electronic communication, what ethical duty does the lawyer have to prevent the disclosure, through metadata embedded therein, of confidential or privileged information?
2. May a lawyer who receives an electronic communication examine it for the purpose of discovering the contents of the metadata that may be embedded within it?
RELEVANT ETHICAL RULES
ER 1.6 Confidentiality of Information
(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted or required by paragraphs (b), (c) or (d), or ER 3.3(a)(3).
. . . .
ER 4.4 Respect for Rights of Others
. . .
(b) A lawyer who receives a document and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender and preserve the status quo for a reasonable period of time in order to permit the sender to take protective measures.
ER 8.4 Misconduct
It is professional misconduct for a lawyer to:
(a) violate or attempt to violate the Rules of Professional Conduct, knowingly assist or induce another to do so, or do so through the acts of another;
(b) commit a criminal act that reflects adversely on the lawyer's honesty, trustworthiness or fitness as a lawyer in other respects;
(c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation;
(d) engage in conduct that is prejudicial to the administration of justice;
. . . .
RELEVANT ETHICS OPINIONS
ABA Formal Op. 06-442; Ala. Op. RO-2007-02; D.C. Op. 341; Fla. Op. 06-2; N.Y. State Bar Ops. 749 and 782
Duties of the Sender
“When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.” ER 1.6, cmt 20. What is “reasonable” in the circumstances depends on the sensitivity of the information, the potential consequences of its inadvertent disclosure, whether further disclosure is restricted by statute, protective order, or confidentiality agreement, and any special instructions given by the client. Id. See also Ala. Op. RO-2007-02 (March 14, 2007); Fla. Op. 06-2 (September 15, 2006); N.Y. State Bar Op. 782 (December 8, 2004). In the case of a lawyer who is employed by a corporation or by a governmental or other entity, “special instructions given by the client” might include the client’s informed consent to forego, for financial or other reasons, the acquisition or use of software that is designed to remove metadata from an electronic document. If a lawyer is asked to comment on a document prepared by another lawyer in the firm, and the commenting lawyer knows or reasonably should know that the document is ultimately intended for transmission to opposing counsel, he or she should consider whether the comment is the type that should be included within the draft. A lawyer who prepares a pleading, contract, or other document should use a “clean” form and not a document that was used for another client. The lawyer who sends an electronic document should be aware that the electronic document may be received or distributed to a person who is not a lawyer and who therefore does not have the duties of a recipient lawyer with respect to such document.
When removing or restricting access to metadata in documents produced or disclosed in litigation, the lawyer must take care not to violate any duty of disclosure to which the lawyer or the lawyer’s client is subject. For a recent discussion relating to the duty to preserve and disclose metadata in a litigation context, see Wyeth v. Impax Laboratories, Inc., 2006 WL 3091331 (D. Del. October 26, 2006). See also the Arizona Supreme Court’s order dated September 5, 2007, on rule-change petition R-06-0034 (amending, effective January 1, 2008, the Arizona Rules of Civil Procedure to include provisions relating to discovery and disclosure of “electronically stored information”).
Duties of the Recipient
A fundamental principle of the client-lawyer relationship is that, in the absence of the client’s informed consent, the lawyer must not reveal information relating to the representation…. This contributes to the trust that is the hallmark of the client-lawyer relationship. The public is better protected if full and open communication by the client is encouraged than if it is inhibited. The client is thereby encouraged to seek legal assistance and to communicate fully and frankly with the lawyer even as to embarrassing or legally damaging subject matter. The lawyer needs this information to represent the client effectively and, if necessary, to advise the client to refrain from wrongful conduct. Almost without exception, clients come to lawyers in order to determine their rights and what is, in the complex of laws and regulations, deemed to be legal and correct. Based upon experience, lawyers know that almost all clients follow the advice given, and the law is upheld.
ER 1.6, cmt 2 (internal citations omitted).
Lawyers, in light of this fundamental principle, and in keeping with their status as members of a learned profession, should refrain from conduct that amounts to an unjustified intrusion into the client-lawyer relationship that exists between the opposing party and his or her counsel. ER 8.4(a)-(d). See also Ala. Op. RO-2007-02.
Florida, in Op. 06-2, concluded that “[a] lawyer receiving an electronic document should not try to obtain information from metadata that the lawyer knows or should know is not intended for the receiving lawyer.” The New York State Bar Association, in Op. 749 (December 14, 2001), determined that a lawyer may not “intentional[ly] use . . . computer technology to surreptitiously obtain privileged or other confidential information” of an opposing party. Alabama, in Op. RO-2007-02, has adopted the New York position.
The American Bar Association (ABA), in Formal Op. 06-442 (August 5, 2006), concluded that the Model Rules of Professional Conduct do not prohibit such conduct. We respectfully decline to follow the ABA position. Despite the most reasonable and thorough precautions, and even with the best of intentions, it may not be possible for the sending lawyer to be absolutely certain that all of the potentially harmful metadata has been “scrubbed” from the document before it is transmitted electronically. Under the ABA position, the sending lawyer would be at the mercy of the recipient lawyer. Under such circumstances, the sending lawyer might conclude that the only ethically safe course of action is to forego the use of electronic document transmission entirely. We do not think that is realistic or necessary. Under the position adopted by Florida, New York, Alabama, and now Arizona, the sending lawyer is alerted to the potential problem and is reminded of the duty to take reasonable steps to prevent the inadvertent disclosure of confidential or privileged information. At the same time, except in the specific circumstances described below, the recipient lawyer has a corresponding duty not to “mine” the document for metadata that may be embedded therein or otherwise engage in conduct which amounts to an unjustified intrusion into the client-lawyer relationship that exists between the opposing party and his or her counsel.
We also note that there is a significant difference between the Model Rules of Professional Conduct as promulgated by the ABA and the Rules of Professional Conduct as adopted by the Arizona Supreme Court. Under Arizona’s version of ER 4.4(b), a “lawyer who receives a document and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender and preserve the status quo for a reasonable period of time in order to permit the sender to take protective measures.” While it might be argued that ER 4.4(b) is inapplicable because the document was not inadvertently sent, only the metadata embedded therein, we think that is an insubstantial distinction. If the document as sent contains metadata that reveals confidential or privileged information, it was not sent in the form in which it was intended to be sent, and the harm intended to be remedied by ER 4.4(b) is the same. Therefore, a lawyer who receives an electronic document from another party, and who discovers metadata embedded in the document that the lawyer knows or reasonably should know is revealing confidential or privileged information, has a duty to notify the sender and to preserve the status quo for a reasonable period of time in order to permit the sender to take protective measures. ER 4.4(b). We express no opinion on whether any evidentiary privilege continues to exist once an inadvertent disclosure has occurred, or whether the lawyer has incurred civil liability as the result of such disclosure. Those are questions of substantive law. Whether the sending lawyer has transgressed ER 1.6 will depend on what was reasonable in the circumstances.
We recognize that some metadata embedded within an electronic document may be discovered by the recipient through inadvertent or relatively innocent means, such as right-clicking a mouse or by holding the cursor over certain text in the document. We do not mean to imply that all such activity necessarily rises to a level of ethical concern. If, however, the recipient discovers metadata by any means, and knows or reasonably should know that the sender did not intend to transmit the information, the recipient has a duty to follow the procedures set forth in ER 4.4(b).
A lawyer who receives an electronic communication may attempt to discover the metadata that is embedded therein if he or she has the consent of the sender, or if such conduct is allowed by a rule, order, or procedure of a court or other applicable provision of law. Even so, if the lawyer comes across information that the lawyer knows or reasonably should know was not intended to be transmitted by the sender, the recipient has a duty to follow the procedures set forth in ER 4.4(b).
Lawyers who send communications or other documents electronically must be aware that such activity has inherent risks. Therefore, the lawyer must take reasonable measures to prevent the inadvertent disclosure of confidential client information. At the same time, and except in the specific circumstances set forth above, a lawyer who receives an electronic communication may not examine it for the purpose of discovering the metadata embedded in it. A recipient lawyer who discovers metadata embedded within an electronic communication and who knows or reasonably should know that the metadata reveals confidential or privileged information has a duty to comply with the procedures set forth in ER 4.4(b).
Formal opinions of the Committee on the Rules of Professional Conduct are advisory in nature only and are not binding in any disciplinary or other legal proceedings. © State Bar of Arizona 2007
 The District of Columbia, in Op. 341 (September 2007), held that “[a] receiving lawyer is prohibited from reviewing metadata sent by an adversary only where he has actual knowledge that the metadata was inadvertently sent.” (Emphasis added). While Op. 341 may reflect an effort to reach a middle ground between the position of the ABA, on the one hand, and the positions of Alabama, Florida, and New York on the other hand, we respectfully disagree with the District of Columbia. Subject to the specific exceptions described elsewhere in this opinion, a lawyer who receives an electronic communication should not be engaged in the intentional examination of the document’s metadata in the first place and, in our view, would bear the burden of establishing that any such intentional examination was for a proper purpose and not for the purpose of attempting to discover any confidential or privileged information that might be contained therein.