The Hidden Comments Your Lawyer Didn't Delete

A partner at a mid-size firm sends a draft settlement agreement to opposing counsel as a Word document. The document looks clean. No visible comments, no colored markup, no strikethroughs. But buried in the file's tracked changes history is a comment from the partner to her associate: "Client will accept anything over $400K but push for $750K." Opposing counsel opens the document, clicks "Show Markup," and the entire negotiation is over before it starts. This happens regularly.

How Common Is This?

More common than anyone in the profession wants to admit. An industry survey found that 65% of law firms reported experiencing a metadata incident — a case where hidden document data was inadvertently disclosed to an unintended recipient. A separate study found that over 70% of legal documents shared externally contained metadata that the sender would not have wanted disclosed.

In practice, the real number is likely higher. Most metadata leaks are never discovered. Opposing counsel reads the hidden content, gains a strategic advantage, and says nothing. You never know it happened. The cases that become public are the tip of the iceberg.

What Leaks and Why It Matters

The types of hidden content that regularly appear in legal documents sent externally are remarkably damaging:

• Tracked changes showing deleted language. A contract provision that was removed during internal review reveals what your client originally wanted — and what they were willing to give up. If the final document deletes a non-compete clause, opposing counsel now knows your client considered it and decided they lacked leverage to demand it.
• Comments between attorneys. Internal margin comments often contain candid assessments: "Weak argument, include anyway," "Judge won't buy this," or "Client is being unreasonable here." These are devastating if disclosed. They reveal litigation strategy, internal confidence levels, and sometimes outright admissions about the weakness of your own position.
• Author and contributor information. Document properties show who created the file and who edited it. In a case where you represent that your client prepared a document, metadata showing it was authored by your paralegal three days before the supposed creation date can be extraordinarily damaging.
• Hidden text and embedded objects. Documents can contain hidden paragraphs, embedded spreadsheets with financial models, and linked objects that reference files on your firm's network. In one documented case, a draft expert report was sent to opposing counsel with the expert's original fee quote embedded as a linked Excel file.

The Ethics Obligations Are Clear

The legal profession has been aware of this risk for two decades, and the ethics guidance is unambiguous. ABA Formal Opinion 06-442 (2006) addressed metadata in electronic documents head-on, advising that lawyers have an obligation to take "reasonable steps" to remove metadata before sending documents. The Opinion frames it as a competence issue under Model Rule 1.1 and a confidentiality issue under Model Rule 1.6.

New York State Bar Association Ethics Opinion 749 (2001) was even earlier, warning lawyers about the risks of embedded metadata in electronic documents. The D.C. Bar issued Opinion 341 reaching similar conclusions. Florida Bar Opinion 06-2 specifically identified tracked changes as a metadata risk requiring attorney attention.

On the receiving end, ABA Formal Opinion 06-442 also addressed whether a lawyer who receives a document with inadvertent metadata may review it. The answer varies by jurisdiction — some bar opinions say you must notify the sender, others say the metadata is fair game — but the practical reality is that once the information is seen, it cannot be unseen. The damage is done.

Why PDFs Are Not Automatically Safe

Many lawyers believe that converting a document to PDF eliminates the metadata problem. This is only partially true. A PDF generated from a Word document will typically strip tracked changes and comments. But the PDF itself creates its own metadata: author name, creation date, modification date, software used to create it, and potentially much more.

There are documented cases where a PDF's "Author" field identified a paralegal at a firm that was supposedly not involved in the matter, where the creation timestamp contradicted representations made to the court, and where the "Producer" field revealed that a document presented as a client original was actually generated by the firm's document management system. PDF metadata is less voluminous than Word metadata, but it can be equally revealing.

What to Do Before Sending Any Document

Every document that leaves your firm should go through a scrubbing process. This should be policy, not discretion. Here is the checklist:

1. Accept all tracked changes. In Word, go to Review > Accept All Changes. This collapses the revision history into the final text and eliminates the ability to see what was added, deleted, or modified.
2. Delete all comments. Review > Delete All Comments. Do not assume that "resolving" a comment removes it — resolved comments may still be visible to the recipient depending on their settings.
3. Run the Document Inspector. In Word, File > Info > Check for Issues > Inspect Document. This scans for hidden content, custom XML, invisible content, headers/footers, and other data that is not visible in the normal editing view.
4. Convert to PDF. This eliminates Word-specific metadata, but creates PDF metadata that you must also address.
5. Scrub the PDF metadata. Use a metadata removal tool to strip the author, creation date, modification date, and any other document properties from the PDF before sending it.
6. Verify the final document. Open the PDF and check its properties. Confirm that no identifying metadata remains. If the document was supposed to be redacted, verify the redaction as well.

Make It Systematic, Not Heroic

The firms that avoid metadata incidents are not the ones with the most technologically sophisticated lawyers. They are the ones with a process. A standard operating procedure that every document goes through before it leaves the building. A checklist. A habit.

PDFb2's metadata tool lets you view and remove all document properties from a PDF in seconds, entirely in your browser. No upload to a cloud server, no third-party access to your client's documents. For any firm that takes document hygiene seriously — and every firm should — the last step before sending any PDF should be stripping its metadata. It takes ten seconds. The alternative is finding out from opposing counsel that your draft comments are now part of the case file.