Skip to content
BatesStamp
Volume III · Article 02

Bates-Stamping Confidential Documents.

Filed · Practice Advisory
Reading · 5 min
Rule · ABA Model Rule 1.6

Lawyers have an ethical duty to safeguard client data. Yet, during discovery, sensitive files are routinely uploaded to free, unvetted online PDF converters. Let's look at the security risks involved and best practices for protecting your client's privilege.

The Security Risk of Free Online Converters

When a paralegal or attorney needs to quickly stamp a set of PDFs and doesn't have Adobe Acrobat Pro handy, they often turn to search engines. Querying "free online bates numbering" yields dozen of tools. But there is a catch: almost all of them require uploading your files to their remote servers.

Once your files leave your computer and travel across the internet to a third-party server:

  • You lose control: You do not know how long the server stores your confidential litigation documents, who has access to them, or what security safeguards are active on their host servers.
  • Metadata Exposure: PDFs can contain hidden metadata, comments, and revision histories that may be exposed to the server operator.
  • Breach Risks: Third-party databases are high-value targets for hackers. A breach of a PDF converter platform could expose sensitive medical records, intellectual property, or trade secrets.

Model Rule 1.6 and the Duty of Technology Competence

The American Bar Association (ABA) Model Rule 1.6(c) states: "A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

Under the Duty of Technology Competence, lawyers must understand the risks and benefits associated with relevant technology. Simply using whatever tool appears first on Google without evaluating its data transmission behavior does not satisfy this duty.

Uploading confidential discovery materials to an unverified web server is an avoidable compromise of client confidentiality.

A Modern Standard: Client-Side Processing

Fortunately, advances in modern browser capabilities have made remote file uploading obsolete for simple PDF utilities. Using client-side JavaScript, files can be manipulated, annotated, and stamped entirely within the sandbox of the browser tab.

To ensure compliance:

  1. Verify Offline Support: A truly client-side application will continue to work even if you disconnect your internet connection entirely after loading the page.
  2. Check Network Logs: Using browser developer tools, verify that no PDF bytes or file content are being sent to external APIs during processing.
  3. Advocate for Institutional Compliance: Inform your firm's IT department about browser-only tools that require no local installation or administrative overhead.

BatesStamp is designed with a strict zero-upload architecture. Stamping is done entirely client-side, protecting client privilege and ensuring compliance with Model Rule 1.6.

→ Add Private Bates Stamps Now← Back to Articles