1 Metadata, Electronic File Management and File Destruction By David Outerbridge, Torys LLP A. Metadata What is Metadata? Metadata is usually defined as data about data. It is a level of extra information that is automatically created and embedded in a computer file. 1 Metadata is information about a particular data set or document which describes how, when and by whom it was collected, created, accessed, modified and how it is formatted. Metadata can be altered intentionally or inadvertently, and can be extracted when native files are converted to image. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed. 2 Examples of Metadata Examples of metadata include: Track changes marks that show where a deletion, insertion or other editing change has been made in a document; Comments notes or annotations that an author or reviewer adds to a document; Hidden text text that is visible to search engines but invisible to humans, sometimes accomplished by using text in the same colour as the background colour of the page; Macros mini programs that will execute a series of commands in series, saving the user having to repeat typing or data input; Hyperlinks; Template information information that determines the basic structure for a document and contains document settings such as fonts, macros, page layout, special formatting and styles; Document versions; Document revisions; 1 LawPro, Managing the Security and Privacy of Electronic Data in a Law Office, p. 23 at 2 The Sedona Conference Glossary: E-Discovery and Digital Information Management, A Project of the Sedona Conference Working Group on Electronic Document Retention and Production (the Sedona Glossary ), available at under Publications.
2 The names of the current and previous document authors; The company or organization name of the author of the document; Security for Lawyers in a Wired World Other file properties and summary information, such as file size, data/time the file was created,. Modified or accessed, and the location where the file is stored (e.g., C:\MyDocuments\StolenIntellectualProperty\Bob sideas) The name of the author s computer; and The name and type of the printer a document was printed on. 3 The Pitfalls of Metadata Disclosing privileged, confidential or embarrassing metadata Lawyers may unwittingly be sending privileged, confidential or embarrassing metadata to clients or opposing counsel. For example, every Word, Excel and PowerPoint document contains metadata, which may be inappropriate to send to others, depending on the circumstances. Often, documents contain hidden metadata that can only be seen with special software. However, hidden metadata can become visible accidentally, such as when WordPerfect opens and improperly converts a Word file, or when a corrupted file is opened. In these instances, both of which are quite possible in a law office, the normally visible text and hidden metadata can appear on a computer screen. Many electronic files (e.g., Word files) also contain visible metadata that can be easily accessed without specialized software. 4 The problem with metadata, especially for lawyers, arises when people electronically share files as attachments via , on a portable medium, over a network or through an extranet. 5 Deleting metadata that is subject to a litigation hold Some metadata is easily altered or destroyed through the inadvertent conduct of a lawyer or client in, for example, accessing an electronic file. The act of accessing the file changes the metadata that shows the last access date/time, the last person to access the file, and other information. In a litigation matter in which electronic files are subject to a preservation obligation, such inadvertent destruction of metadata could amount to sanctionable spoliation, if the destroyed metadata was relevant and important. Lawyers need to take care to ensure that electronic files that are to be received from clients in connection with litigation matters are properly preserved, collected and processed to ensure that all relevant metadata is captured unaltered. Although in many cases most of the metadata will be 3 LawPro, Managing the Security and Privacy of Electronic Data in a Law Office, p. 23 at Privacy Commissioner of Canada, Fact Sheet: The Risks of Metadata at 4 In Word files, for example, click on File, then Properties, to see information on the person and organization that created a document, the total editing time for the document, information about s to which the document was attached, and other information. 5 LawPro, Managing the Security and Privacy of Electronic Data in a Law Office, pp at
3 irrelevant, counsel must consider the potential relevance of metadata in each case, and advise the client accordingly at an early stage in the file. 6 How to Remove Metadata Lawyers should seek to reduce or eliminate metadata in electronic files that they share. There are several options 7 : Converting files to PDF format with Adobe Acrobat or other PDF software will usually strip out most metadata. Lawyers should consider adopting a practice of sending only locked PDF documents to clients or opposing counsel, if the recipient does not need to edit the document. Remember, though, that PDF files contain their own metadata created at the time of file conversion. In cases where it is necessary for the recipient to edit the file, it is possible to send the file in its native format (rather than PDF) but without metadata. Several software programs are available on the market that help to identify and clean metadata from documents. Word, PowerPoint and Excel users should turn off the Fast Saves feature, which allows a computer to more quickly save a file by not removing deleted text. Users of features such as track changes, document versions or comments should be sure to delete the information being kept within the document with those features. B. Total Data Destruction It is important for lawyers to understand that the total destruction of electronic data does not occur simply through file deletion. Deletion of an electronic file merely renders the file inaccessible using ordinary software tools. Until the file is overwritten on the hard drive (which may not occur for some time, and may occur on a piecemeal basis), the contents of the file, or some of it, remains accessible if specialized software tools are used. This has implications both where a lawyer or client has an obligation to destroy data (but merely deletes it), and where it is desired (for example, as part of an investigation or in connection with litigation) to retrieve and reconstitute data previously deleted. The Sedona Glossary explains the concept of data deletion and its distinction from data destruction as follows: Deletion is [t]he process whereby data is removed from active files and other data storage structures on computers and rendered inaccessible except through the use of special data recovery tools designed to recover deleted data. Deletion occurs on several levels in modern computer systems: (a) File level deletion renders the file inaccessible to the operating system and normal application programs and marks the storage space occupied by the file s directory entry and contents as free and 6 For a sample memorandum to a client addressing document preservation, collection and disclosure obligations, see the Ontario E-Discovery Implementation Committee s Model Document #3: Memorandum to Corporate Client Regarding Documentary Discovery and Model Document #4: Memorandum to an Individual Client Regarding Documentary Discovery at 7 These options are drawn from LawPro, Managing the Security and Privacy of Electronic Data in a Law Office, pp , at where additional detail on the options and available software tools is provided.
4 available to re-use for data storage, (b) Record level deletion occurs when a record is rendered inaccessible to a database management system (DBMS) (usually marking the record storage space as available for re-use by the DBMS, although in some cases the space is never reused until the database is compacted) and is also characteristic of many systems, (c) Byte level deletion occurs when text or other information is deleted from the file content (such as the deletion of text from a word processing file); such deletion may render the deleted data inaccessible to the application intended to be used in processing the file, but may not actually remove the data from the file s content until a process such as compaction or rewriting of the file causes the deleted data to be overwritten. 8 The obligation to destroy data completely The need to destroy electronic data completely arises in a number of contexts in a lawyer s practice. For example: Hardware refreshes: When a lawyer replaces computer hardware used in the law practice, it is essential to ensure that all privileged and confidential data stored on the hardware that is being replaced is completely destroyed. If the data is only deleted, the data will remain on the storage medium and will be retrievable by a subsequent user using the right tools. The potential for significant breaches of solicitor-client privilege or other confidentiality obligations is high. There are a variety of electronic tools available in the market that permit the complete erasure and overwriting of hard drives. 9 Personal information: Lawyers and their clients frequently come into possession of personal information that is subject to protection under federal or provincial privacy legislation. Most notably, in Ontario, the federal Personal Information Protection and Electronic Documents Act requires that, where an organization subject to the statute has collected personal information that is no longer required to fulfil its identified purposes, the personal information should be destroyed, erased, or made anonymous. 10 This means that, for example, any personal information collected by a law firm that is no longer required for the purposes for which it was collected (e.g., relating to former employees) must be expunged from electronic files at the appropriate time. The same is true for personal information collected by a client that resides in a lawyer s file. Deleting the data without destroying it may not be sufficient, if there is a real risk of the personal information being retrieved at a later date. Protective orders and confidentiality agreements: Lawyers are often required to implement protective orders and confidentiality agreements that call for the destruction of confidential documents after the documents cease to be used, whether in litigation or otherwise. There is generally a requirement to certify that destruction has occurred. Again, mere deletion of the data without actually destroying it may not effect compliance with the order or agreement. It is 8 See note 2 above. 9 Simply search data destruction erasure wiping in Google or any other search engine to find a number of products. 10 Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Schedule 1, s
5 a best practice for lawyers involved in preparing a draft protective order or confidentiality agreement to include language describing with precision the type of destruction required. Retrieving deleted data In litigation matters, whether the litigation involves the lawyer as a direct party or as counsel for a client, situations arise in which a deleted electronic file is determined to be relevant and important to the case. Deleted files are particularly germane in cases involving fraud or the theft of intellectual property or confidential information, but there can be benefits of retrieving deleted files in a variety of other situations. A consensus appears to be forming that parties to litigation are not required to retrieve deleted files in the ordinary course in order to comply with their document disclosure and production obligations. 11 However, there will be instances in which retrieval of deleted files is called for. In those instances, it is appropriate to retain a specialized forensic data recovery expert to effect the file retrieval. C. The Importance of Effective Electronic File Management Effective electronic file management is critical for lawyers, not only to achieve efficiency and avoid data loss, but also to ensure compliance with legal requirements. Like all commercial enterprises, law firms are subject to legal obligations to retain records, both in order to comply with legislated maximum retention periods for certain classes of records, and to comply with preservation obligations arising as a result of litigation and court orders. The retention obligations for law firms are more complex than for many other enterprises, because law firms must consider not only their obligation to retain their own records, but also the obligations to which their clients are subject, as well as the lawyer s obligation to protect important client documents that have been entrusted to the lawyer for safekeeping. Some specific issues that lawyers need to consider with respect to the retention of electronic files include: 11 See Principle #6 of The Sedona Canada Principles Addressing Electronic Discovery (January 2008), available at under Publications. Under new Rule 29.1 of the Ontario Rules of Civil Procedure, which comes into force on January 1, 2010, parties are required to consult and have regard to the Sedona Canada Principles in developing a discovery plan. Principle #6 of the Sedona Canada Principles states: A party should not be required, absent agreement or a court order based on demonstrated need and relevance, to search for or collect deleted or residual electronically stored information. The Commentary relating to Principle #6 states in part: Such data may be discoverable, but the evaluation of the need for and relevance of such discovery should be analyzed on a case by case basis. Ordinarily, searches for electronically stored information will be restricted to electronically stored information that is available from reasonably accessible sources. In the absence of demonstrated need for the collection of hidden files, system logs, deleted files, fragmented data and partially over-written files, the scope of collection should be limited to the relevant electronically stored information that would have been used in the ordinary course of business.
6 Custody of client electronic files: When lawyers take custody of client electronic files that are subject to disclosure and production in litigation, they assume direct control and responsibility for the continued integrity of the files, and for demonstrating the chain of custody of the files while in their possession. Law firms should develop detailed protocols for receiving, retaining and relinquishing custody of client electronic files, and for the storage, copying and processing of the files while in the possession of the law firm. It is important that the law firm take the necessary steps to avoid the inadvertent spoliation of electronic evidence received from the client, such as through destruction of relevant metadata, or destruction of files while processing the files for production in the litigation. Similarly, the law firm must ensure that, in the event it becomes necessary to prove at trial that an electronic file is authentic and has not been altered since it was first created by the client, the law firm is able to demonstrate authenticity, integrity and continuity by reference to its own internal protocols and record keeping with respect to the manner in which the electronic file was received, stored, processed and produced. In this respect, lawyers should have regard to the requirements of the Canada Evidence Act 12 and Ontario Evidence Act 13 governing the admissibility of electronic evidence. For best practices regarding the steps to be taken to ensure admissibility, see Electronic Records as Documentary Evidence (CAN/CGSB ) prepared by the Canadian General Standards Board. 14 Electronic copies of paper records: Many law firms are moving toward the increased digitization of records. This includes a trend toward scanning paper records and retaining the electronic images of these records in lieu of retaining the hard copy. Some care is required in implementing an imaging policy, whether for client records or the law firm s own records. There are some original paper documents that should be retained in hard copy in order to ensure the ability to prove the authenticity of the document at a later date. See, for example, the Ontario Electronic Commerce Act, which permits retention of electronic copies in lieu of original paper documents (ss. 8(1) and 12(1)), but excludes various classes of records from the scope of the statute, including documents required to be retained by a public body (s. 27(2)), documents of title (s. 31(2)), and wills, codicils, trusts created by wills or codicils, powers of attorney in respect of an individual, documents that create or transfer interests in land and require registration to be effective against third parties, negotiable instruments and documents that are prescribed or belong to a prescribed class (s. 31(1)). 15 The Electronic Commerce Act as well as other legislative and regulatory enactments relating to scanned images also impose process requirements for imaging, which generally require: (a) that the party retaining the scanned image be able to demonstrate reliably the continued integrity of the information contained in the scanned image; (b) that the imaged copy be in a format that accurately represents the information contained in the original paper document; and (c) that the imaged copy remain accessible and usable for 12 Canada Evidence Act, R.S.C. 1985, c. C-5, ss Evidence Act, R.S.O. 1990, c. E.23, s The CGSB offers copies of its standards documents for a small fee. For information on this standards document, and a link to the CGSB e-store where the standard may be purchased, see: 15 Electronic Commerce Act, S.O. 2000, c. 17
7 subsequent reference. 16 For best practices regarding the steps to be taken to meet these requirements, see Microfilm and Electronic Images as Documentary Evidence (CAN/CGSB ) prepared by the Canadian General Standards Board. 17 Law firms must also consider whether the paper records they propose to image are themselves subject to a litigation hold. If so, it will generally be impermissible (i.e., potentially sanctionable spoliation) to destroy the original paper documents. There are other retention issues that must also be considered before an imaging protocol is implemented within a law firm, such as applicable retention requirements relating to original paper documents that may be imposed in jurisdictions outside Ontario, and any special retention requirements relating to certain classes of paper documents that may be imposed by legislation. For example, both in Ontario and at the federal level, public archives legislation prohibits public bodies from disposing of paper records without the consent of the provincial or national archivist See, e.g., Electronic Commerce Act, S.O. 2000, c. 17, ss. 8 and 12, and the Canada Revenue Agency s Information Circular IC05-1, which addresses imaging requirements in order to comply with records retention obligations under the federal Income Tax Act, Employment Insurance Act and Canada Pension Plan. 17 The CGSB offers copies of its standards documents for a small fee. For information on this standards document, and a link to the CGSB e-store where the standard may be purchased, see: 18 See Archives and Recordkeeping Act, S.O. 2006, c. 34, Schedule A and Library and Archives of Canada Act, S.C. 2004, c. 11, s. 12(1)