Trust but Verify When It Comes to Digital Redactions

The Bencher—January/February 2020

By Kevin F. Brady, Esquire

Redaction missteps leading to a major and embarrassing revelation in a high-profile case seem to be a recurring issue. At the beginning of 2019, the headlines were about lawyers for the former Trump campaign manager, Paul Manafort, botching a redaction of information for a court filing. In the latest episode, a reporter was able to retrieve information protected by grand jury secrecy rules from a court filing, which a team from the Jones Day firm had reviewed to confirm the grand jury testimony had been redacted. 

In addition to the embarrassment of having exposed protected information, in some cases disciplinary consequences are possible, as attorneys in Illinois and Kentucky learned for failing to redact personal information in court filings properly.

Redaction of information is a process that occurs hundreds of times each day in law firms and at vendors across the country. That fact, however, does not mean that performing the task is simple or that errors will not occur. For example, in the recent case in which Jones Day is representing a pharmaceutical company accused of fraudulently marketing a prescription opioid, the attorneys handling the matter had blacked out the protected text and then done a print-to-pdf (using Word and Adobe Acrobat). A reporter copied the boxes of blacked-out text from the court filing and pasted to a new document on which the underlying text appeared. (The same technique was used in the Paul Manafort case.) The faulty redactions described grand jury testimony and said four grand juries had heard testimony from 79 witnesses before returning an indictment against the pharmaceutical client.

Jones Day did not seek to excuse the error but explained in a letter to the court that a “technical weakness in the redaction process was caused by the method of redaction [using Microsoft Word and ‘printing’ to Adobe PDF], rather than the redaction software our law firm has in place that is specifically designed to avoid such issues” and that “the failure to use this software was inadvertent oversight.”*

Under Rule 1 of the Model Rules of Professional Conduct, lawyers are required to understand and manage the risks associated with the use of technology. In addition, Rules 1.6 and 1.15 require attorneys to preserve the client’s confidential information. Perfection in handling digital information may not be attainable, but repeated mistakes like those described in this article highlight the increasing technological complexity attorneys face and the need for vigilance to avoid mistakes that might be characterized as demonstrating a lack of competence and result in claims for attorney malpractice or discipline.

While it is easy to be a Monday morning quarterback, the reality is that there are many lawyers and law firms who do not have an IT or litigation support team on staff to explain the not-so-obvious risks associated with technology. Many lawyers have small institutional clients that may not have a general counsel, an IT staff, or individuals with the expertise to understand the risks.

What these cases teach is that to minimize the risk of embarrassment, disclosure of information entitled to protection, or even ethical ramifications, it is critically important to understand what options exist for doing redactions correctly, executing the chosen option carefully, and double-checking the result.

The Model Rules establish that it is counsel’s responsibility to understand legal and technical issues associated with managing even simple tasks involving digital information. In this connection, it is imperative that you or a competent consultant understands how the software—even software as ubiquitous as Word or Adobe Acrobat—functions and, more importantly, its limitations. At the very least, for redacted documents, follow the “trust but verify” approach: Take a sample of your redactions, copy them, and paste the redacted (blacked-out) information into a new document to see if you can see the redacted text.

With the increase in state privacy laws and federal regulations regarding the management and disclosure of confidential personal information, the challenges to manage information properly, and redact where necessary, will continue. Understanding and assessing the risks associated with any technology you use, especially technologies that others have struggled to use properly, is one of the keys to successfully managing your data and complying with your ethical obligations.

Kevin F. Brady, Esquire, is of counsel in the firm of Redgrave LLP in Washington, DC. He is a member of the Richard K. Herrmann Technology AIC in Wilmington, DE.