Excerpted from Arizona Employment Law Letter and written by an attorney at the law firm of Ford & Harrison LLP


Metadata is becoming an ever-present threat to today's legal and business interactions. While the concept sounds daunting, it's important to understand what metadata is, how it can be used against you, and how to limit the associated risks.

Out with the antiquus, in with the novus

Lawyers use such weird terms these days. I yearn for simpler times. It seems like only yesterday when attorneys would meet and offer such straightforward sentiments as: "Our judge just ruled, sua sponte, that the evidence establishes only de minimis violations." Then they would pat each other on the back and say: "Res ipsa loquitur." That always got a good laugh.

Not anymore. Now our clients want us to say everything in plain English. But even plain English is getting complicated. Our information society is infused with weird new words like "gigabyte" and acronyms like "ROTFLMAO." Luckily, unless you work in IT or you have a kid with a MySpace page, you can pretty much ignore that techno-babble  just like you (hopefully) ignored our legal jabber.

Unfortunately, now more than ever, employees' attorneys are well versed in this techno-lexicon. And while many of these terms never surface in court, they become tools in a new arsenal designed to attack you. For that reason, we caution you to put a techno-concept on your radar: metadata.

Metawhat?

While many of you have probably heard the term floating around, it's important to understand what it really means and how it can be used against you. Metadata, put simply, is data about data. Put another way, it's data embedded in a file that contains information about the file. If you've ever used "Track Changes" in Microsoft Word or looked at a file's properties in either Windows Explorer or OS X's Finder, you've already seen an obvious example of how metadata works.

Usually, metadata is innocuous and helpful, such as when you want a coworker to see the changes you made to her document or if you want to see the date a document was created to understand if you're dealing with the most recent version. In those instances, the program's automatic tracking functions improve our workflow.

But other times  like when you're in the heat of negotiation  that information can be unnecessarily revealing. For example, if you just sent a Word document to a party with whom you're negotiating a purchase and forgot to turn off "Track Changes," you may have just clued your adversary in to your thought processes. So when the adversary calls you with a counteroffer that just happens to match a price you thought you deleted from the document, you'll understand where he got it.

Additionally, metadata often will reveal information such as the name of the computer on which the document was created, the document's author, the dates it was created and modified, and the identities of those who accessed and printed the document. While often innocuous, that information can communicate volumes to a business or legal adversary. In the legal arena, clients may inadvertently waive attorney-client privilege by sending an adversary metadata revealing comments left by their counsel.

As you can see, while metadata sounds like it should remain your IT person's problem, it allows every e-mail-wielding employee to expose you to liability.

Metaethics

There are only a few state bars that have weighed in on the issue. Two, Florida and New York, decided that looking at metadata was improper (Florida likened viewing it to "rifling through someone's briefcase"), while a third, Maryland, found that reviewing metadata wasn't an ethics violation.

Despite the ethical uncertainty surrounding metadata, there's no guarantee that an ethical rule would keep another business or attorney from taking advantage of information learned from metadata. Thus, it's important that you lower your exposure to the risks of metadata.

Metamitigation

Luckily, limiting your exposure is pretty simple. There are two main methods we recommend for limiting the amount of metadata available to other parties.

First, you can convert your document to a PDF (portable document file) before giving it to anyone outside your organization. The converted PDF will still contain some metadata, such as the date the document was created, but it shouldn't have any of the other document data (such as "Track Changes" and "Comments") that programs often include. Also, there are two types of PDFs: image PDFs and text PDFs. If you convert your document to an image PDF, the recipient will be unable to manipulate the text without jumping through hoops.

If you want to "clean" your documents even further before sending them out, you may purchase software applications built for the job. This is where you'll want your IT person's input. The best software will automatically scrub every document attached to a piece of e-mail before it leaves your employees' computers. There are a number of applications that will do the job, and a quick Google search should point you in the right direction.

Of course, a third option is to go back to putting everything on paper. But if you've read The Da Vinci Code or seen National Treasure, you'll know that even paper can be deceiving.



Copyright 2007 M. Lee Smith Publishers LLC. This article is an excerpt from ARIZONA EMPLOYMENT LAW LETTER. ARIZONA EMPLOYMENT LAW LETTER should not be construed as legal advice or a legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only. Anyone needing specific legal advice should consult an attorney. For further information about the content of any article in this newsletter, please contact any of the editors.