The data about data.
Metadata is information that is used to describe the data that is contained within a digital file or other type of content. The NIST Computer Security Resource Center (CSRC) defines metadata as “information describing the characteristics of data”. Metadata is effectively data withing data that helps provide context or additional information such as file type, dates, system information and tags.
There are two major types of metadata critical to the operation of many computer systems. Structural metadata describes data structure such as the codes read by a system to accept or authorize the use of a particular file type. Descriptive metadata describes the data content such as is used to identify components of files such as a file’s creation date/time or its use in security operations.
How is metadata related to eDiscovery?
Metadata is critical to eDiscovery in that it comprises the hidden areas of a digital document and is used by parties to define electronically stored information that is used as evidence in legal matters.
Metadata is used to help determine the dates and times of documents, the author information and the systems to which files are native. Metadata in eDiscovery is as important, and sometimes more important, than the content of a document when it comes to discovering the facts of a case. Many times legal disputes will succeed or fail based on the preservation of documents, and critically, proving some fact based on a document’s metadata.
Many eDiscovery software platforms rely on exposing metadata as part of their features to ensure the broadest viewing of a document. For example, when attorneys review documents as part of the discovery phase of litigation, metadata such as speaker notes in PowerPoint presentations and hidden cells or formulas in digital spreadsheet files are brought to life and exposed as part of that legal review.
The Federal Rules of Civil Procedure, backed by case law require that documents are produced in a usable form and in a complete, not altered state. Indeed, spoliation claims may arise if documents are altered or destroyed including the destruction of metadata. As an example, a document may be deemed to be incomplete, and therefore in violation of eDiscovery rules if its content is intact but its author information or dates are missing. A good example is an email that is produced without the To or From fields or without the Sent date information.