Opinion 665

Statement of Facts Discussion Conclusion

Lawyer A represents a client in the settlement of a civil lawsuit.  Lawyer A sends a draft settlement agreement to opposing counsel, Lawyer B, as an attachment to an email. The attachment includes embedded data, commonly called metadata. This metadata is digital data that is not immediately visible when the document is opened by the recipient of the email but can be read either through the use of certain commands available in word-processing software or through the use of specialized software. In this case, the metadata includes information revealing confidential information of the client of Lawyer A related to ongoing settlement negotiations. Lawyer B has no reason to believe that Lawyer A intended to include this metadata in the attachment. 

In this opinion, “confidential information” refers to both privileged information and unprivileged client information, as defined in Rule 1.05(a) of the Texas Disciplinary Rules of Professional Conduct.

The exchange of electronic documents is an essential part of modern law practice. When an electronic document is created or edited, some computer programs will automatically embed information in the document. Embedded information that describes the history, tracking, or management of an electronic document is commonly known as “metadata.” A common example of metadata is embedded information that describes the identity of the owner of the computer that created the document and the date and time of creation. Similarly, some computer programs use embedded metadata to track the changes made to a document as well as the comments of the various reviewers of the document.

Frequently the exchange of metadata between lawyers is either mutually beneficial or otherwise harmless, such as when a lawyer intentionally transmits a document containing tracked changes in order to facilitate the negotiating process. However, the inadvertent disclosure of metadata containing a client’s confidential information could be harmful to the client. The risk of such inadvertent disclosure is heightened by the fact that metadata is generally not visible from the face of an electronic document unless the user takes some additional action.

The first question raised is whether the Texas Disciplinary Rules of Professional Conduct require lawyers to take steps to prevent the inadvertent transmission of metadata containing confidential information. The answer is governed by Rules 1.01 and 1.05.

With certain exceptions not relevant here, Rule 1.01 generally prohibits a lawyer from accepting or continuing “employment in a legal matter which the lawyer knows or should know is beyond the lawyer’s competence.” “Competence,” as defined by the Terminology Section of the Texas Disciplinary Rules,  “denotes possession or the ability to timely acquire the legal knowledge, skill, and training reasonably necessary for the representation of the client.”

Rule 1.05 generally prohibits lawyers from knowingly revealing confidential information to a lawyer representing the opposing party, subject to limited exceptions set out in the Rule. Rule 1.05 reflects a lawyer’s duty “to maintain confidentiality of information acquired by the lawyer during the course of or by reason of the representation of the client.” Comment 2 to Rule 1.05. “Knowingly,” as used in Rule 1.05, “denotes actual knowledge of the fact in question. A person’s knowledge may be inferred from circumstances.” Terminology Section of the Texas Disciplinary Rules. 

In the opinion of the Committee, a lawyer’s duty of competence requires that lawyers who use electronic documents understand that metadata is created in the generation of electronic documents, that transmission of electronic documents will include transmission of metadata, that the transmitted metadata may include confidential information, that recipients of the documents can access metadata, and that actions can be taken to prevent or minimize the transmission of metadata. Lawyers therefore have a duty to take reasonable measures to avoid the transmission of confidential information embedded in electronic documents, including the employment of reasonably available technical means to remove such metadata before sending such documents to persons to whom such confidential information is not to be revealed pursuant to the provisions of Rule 1.05. Commonly employed methods for avoiding the disclosure of confidential information in metadata include the use of software to remove or “scrub” metadata from the document before transmission, the conversion of the document into another format that does not preserve the original metadata, and transmission of the document by fax or hard copy.

Whether a lawyer has taken reasonable measures to avoid the disclosure of confidential information in metadata will depend on the factual circumstances. Relevant factors in determining reasonableness include the steps taken by the lawyer to prevent the disclosure of the confidential information in metadata, the sensitivity of the metadata revealed, the identity of the intended recipient, and other considerations appropriate to the facts. Not every inadvertent disclosure of confidential information in metadata will violate Rule 1.05. 

The second question is whether the Texas Disciplinary Rules impose particular duties on a lawyer who receives an electronic document containing metadata that appears to include confidential information of another party. There is no specific provision in the Texas Disciplinary Rules requiring a lawyer to take or refrain from taking any particular action in such a situation. See Professional Ethics Committee Opinion 664 (October 2016) (“The Texas Disciplinary Rules of Professional Conduct do not prescribe a specific course of conduct a lawyer must follow upon the unauthorized or inadvertent receipt of another party’s confidential information outside the normal course of discovery.”).

In the absence of specific provisions of the Texas Disciplinary Rules governing this situation, the Committee can offer only limited guidance for lawyers dealing with the receipt of documents containing metadata. In most circumstances, the provisions of the Texas Disciplinary Rules that must be considered by lawyers with respect to the receipt of documents containing metadata are Rule 8.04(a)(3), which requires that a lawyer shall not “engage in conduct involving dishonesty, fraud, deceit or misrepresentation,” and Rule 3.03(a)(1), which requires that a lawyer shall not knowingly “make a false statement of material fact or law to a tribunal.” Thus, although the Texas Disciplinary Rules do not prohibit a lawyer from searching for, extracting, or using metadata and do not require a lawyer to notify any person concerning metadata obtained from a document received, a lawyer who has reviewed metadata must not, through action or inaction, convey to any person or adjudicative body information that is misleading or false because the information conveyed does not take into account what the lawyer has learned from such metadata. For example, a Texas lawyer, in responding to a question, is not permitted to give an answer that would be truthful in the absence of metadata reviewed by the lawyer but that would be false or misleading when the lawyer’s knowledge gained from the metadata is also considered.

The Committee notes that professional ethics standards in some other jurisdictions include specific requirements applicable to this situation.  These specific requirements vary from state to state and may include a requirement to notify the sender of a document believed to contain inadvertently sent metadata and a requirement not to search for or read such metadata.  For example, a number of jurisdictions have adopted part or all of the approach used in the current version of Rule 4.4(b) of the American Bar Association Model Rules of Professional Conduct, which provides:

“A lawyer who receives a document or electronically stored information relating to the representation of the lawyer’s client and knows or reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.”

To the extent a Texas lawyer becomes subject to the disciplinary rules of other jurisdictions, the lawyer may be subject to additional requirements concerning the treatment of metadata that would not be applicable if only the Texas Disciplinary Rules of Professional Conduct were considered. 

The Committee also cautions that a lawyer’s conduct upon receipt of an opponent’s confidential information may have material consequences for the client, including the possibility of procedural disqualification. See In re Meador, 968 S.W.2d 346, 351-52 (Tex. 1998) (in a case not involving metadata, discussing factors to be considered in deciding whether to disqualify counsel who received the opposing party’s privileged information outside of discovery, including the promptness with which the lawyer notified the opposing counsel of the circumstances). If in a given situation a client will be exposed to material risk by a lawyer’s intended treatment of an opponent’s inadvertently transmitted confidential information contained in metadata, the lawyer should discuss with the client the risks and benefits of the proposed course of action as well as other possible alternatives so that the client can make an informed decision. See Rule 1.03(b) (“A lawyer shall explain a matter to the extent reasonably necessary to permit the client to make informed decisions regarding the representation.”).  

This opinion applies only to the voluntary transmission of electronic documents outside the normal course of discovery. The production of electronic documents in discovery is governed by court rules and other law, which may prohibit the removal or alteration of metadata. Court rules may also govern the obligations of a lawyer who receives inadvertently transmitted privileged information in the course of discovery. See, e.g., Tex. R. Civ. P. 193.3(d).

The Texas Disciplinary Rules of Professional Conduct require lawyers to take reasonable measures to avoid the transmission of confidential information embedded in electronic documents, including the employment of reasonably available technical means to remove such metadata before sending such documents to persons other than the lawyer’s client. Whether a lawyer has taken reasonable measures to avoid the disclosure of confidential information in metadata will depend on the factual circumstances.

While the Texas Disciplinary Rules of Professional Conduct do not prescribe a specific course of conduct for a lawyer who receives from another lawyer an electronic document containing confidential information in metadata that the receiving lawyer believes was not intended to be transmitted to the lawyer, court rules or other applicable rules of conduct may contain requirements that apply in particular situations.  Regardless, a Texas lawyer is required by the Texas Disciplinary Rules to avoid misleading or fraudulent use of information the lawyer may obtain from the metadata. In the absence of specific governing provisions, a lawyer who is considering the proper course of action regarding confidential information in metadata contained in a document transmitted by opposing counsel should determine whether the possible course of action poses material risks to the lawyer’s client. If so, the lawyer should explain the risks and potential benefits to the extent reasonably necessary to permit the client to make informed decisions regarding the matter.