Metadata: Hidden Electronic Information With Hidden Risks

With the recent turbulence in the markets, your firm receives its first lawsuit for unsuitable client transactions. During the discovery process, your firm produces a document which contains valuable information for the claimant. From this document, opposing counsel ascertains which parties wrote the document, how many revisions the document went through and unveils private comments made during the authoring process that are contrary to the produced document. How could this information damage your case? If the document has the “comments feature” on when you send the document to opposing counsel, are you breaching a duty by inadvertently sharing confidential internal discussions with the other side? These are some of the hidden risks associated with today’s metadata.

What is Metadata, and How Does it Affect Discovery?

Metadata is data about data. It is a feature in nearly all computer software which creates a history of hidden information relating to all electronic information created or stored on that software. In the case of a word-processed document, the words and formatting visible on the document are data but this is not the only information which is created and saved.

Every time a key or an icon is pressed in the creation of the document, the software records what key is pressed, who pressed it and when. This information is metadata.

Most processing software includes menu commands which allow one to view both metadata and any text changes, including deletions. Consider the significance of this discovery in the following hypothetical.


In October 2007, a firm’s portfolio committee sends an internal memorandum to its traders stating that it is approving a new strategy to sell shares in company XYZ and purchase shares in company ABC. The memorandum contains a list of clients who currently have large positions in company XYZ which need to be liquidated.

Contrary to the firm’s market outlook, over the next several weeks, shares in company ABC decrease in value while shares in company XYZ increase in value.

In March 2008 following significant drops in portfolio performance, a firm portfolio committee member overwrites the previous memorandum’s data to provide the following recommendation:

“It appears the firm made a significant strategic mistake in recommending the sale of XYZ and purchase of ABC. We need to amend this strategy before our clients lose more money.”

After the memorandum is delivered to the CIO, she decides this language could be potentially damaging to the portfolio management team. Therefore, she overwrites the document so it only contains basic instructions for the portfolio management team to sell ABC and buy XYZ as soon as possible.

One month later, a disgruntled client sues the firm for a significant amount of money due to the significant drop in portfolio performance. During the discovery process, the client’s lawyers ask to see electronic copies of all internal communications between portfolio committee members and the traders to determine whether the team deviated from its investment strategy, guidelines and restrictions.

The firm delivers electronic copies of the October 2007 and March 2008 memorandums to disgruntled client’s lawyers. Opposing counsel uses metadata software on the memorandums and uncovers the list of firm clients who held XYZ along with the portfolio manager’s admission that the firm made a significant mistake. Upon its findings, opposing counsel initiates a class action lawsuit and decides to introduce this metadata into court. The class thereafter institutes another claim against the firm for breaching confidentiality by not proactively removing metadata as part of its ordinary business practices.

How the Firm Can Protect Itself

On August 5, 2006, the Standing Committee on Ethics and Professional Responsibility in Formal Opinion 06-442 reaffirmed that the ABA model Rules of Professional Conduct (for attorneys) “do not contain any specific prohibition against a lawyer’s reviewing and using embedded information in electronic documents.” While jurisdictions may offer different opinions on the use of metadata, as a fiduciary it is prudent to take proactive steps to protect your firm and its clients. In the past, litigants have attempted to protect themselves by “scrubbing” all metadata out of their documents before sending them to their opponent in response to a discovery request. However, recent legal decisions have held that if a party is ordered to disclose electronic documents “as they are maintained in the ordinary course of business,” that party must deliver the electronic documents to the requesting party with the metadata in tact [if it is not their customary practice to remove it from all documents].[1]

Just as there are programs to find metadata, there are programs that habitually remove it as soon as it is created. For example, Microsoft Office XP and 2003 offer a metadata removal add-in program. If an advisory firm periodically removes metadata in this way, it is likely they will not be in breach if they deliver electronic documents to opposing counsel without metadata since that is how documents are maintained “in the ordinary course of business.”

As your firm tests its books and records and privacy safeguard policies and procedures this year, consider the impact of metadata and whether enhanced processes are required for your business model. For more information, please contact us at (619) 298-2880.

Author: Michelle Jacko, Managing Partner, Jacko Law Group, PC (“JLG”). JLG works extensively with investment advisers, broker-dealers, investment companies, hedge funds and banks on legal and regulatory compliance matters.

For more information about this topic and other legal services, please contact us at (619) 298-2880, or visit Thank you.

This article is for information purposes and does not contain or convey legal advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer.

[1] David W. Garland and Lynne Anne Anderson, Preservation and Production: Don’t Forget the Metadata, PRIVACY & DATA SECURITY LAW JOURNAL, February 2006.

Leave a Reply

Your email address will not be published. Required fields are marked *