On July 20th, a lawyer from Bressler, Amery & Ross representing Wells Fargo was notified that confidential information on some of the bank’s wealthiest clients had mistakenly been produced without redaction, and without a confidentiality agreement in place. Furthermore, the CD-ROM was released by the receiving party to the New York Times, which resulted in front page headlines. As one would expect, a whole lot of cross finger pointing occurred between the attorney and her client’s eDiscovery vendor which included a frantic attempt to claw back the information and prevent further distribution. Since I am not a party to the issue, I can only assume that the relationship must be strained between the law firm and the vendor.
The Wells Fargo’s discovery data breach is an example of preventable problems that arise in the eDiscovery process. The litigation is between two brothers, over allegedly unpaid commissions. One brother, Gary Sinderbrand is a former adviser at the bank’s brokerage firm. He sued his brother Steven, who is a a current Wells Fargo adviser, accusing him of defamation and breach of contract. They had formerly shared a book of business.
As part of his discovery request, Gary Sinderbrand subpoenaed emails from the bank. The production received from Wells Fargo contained far more information than just emails. According to the New York Times, who reviewed the production that Gary received, it Included “copious spreadsheets with customers’ names and Social Security numbers, paired with financial details like the size of their investment portfolios and the fees the bank charged them”. Personal and confidential information was not redacted as required and no protective order was in place to limit how the receiving party could use the data.
The Core Issues
When they realized that improper information had been released, the Wells Fargo team said that clearly an error had occurred in the data release and they requested that the CD be returned so that the material could be redacted. In the affidavit filed by Wells Fargo’s attorney there were two key sections of note:
1) The release of the private client information to the New York Times “created a significant risk of harm to Wells Fargo customers” and that the breach was being used by Sinderbrand as a bargaining chip, since he had allegedly reached out to Wells Fargo in attempt to profit from the released data; and
2) The outside counsel in charge of the production stated that she had “misunderstood” the role of the third party vendor hired to work on the discovery and further did not understand the technology begin used in the case. Documents went unreviewed and documents flagged for redaction were not redacted.
Lessons to be Learned
While this case will likely not be resolved for a long time, we needn’t wait for final resolution to understand how to prevent these events from occurring again. As it has unfolded, this nightmare is something that should keep lawyers up at night….. But only if they haven’t educated themselves about technology and put proper procedures and processes in place. While this was certainly a failure of due diligence on the part of the law firm – in fact the attorney admitted to mismarking confidential materials and performing only a minimal amount of quality control on the work product, that was not the sole reason for this failure.
Depending on your role in the industry; some software providers are pointing the sole finger at “complicated” technology as the problem, software trainers believe that poor legal training is the issue and litigation consultants believe that the primary cause was the lack of definable processes that resulted in a poor work product. Since I don’t have a direct dog in this fight, I believe that everyone is right, and that everyone is wrong. It is highly likely that this problem occurred as the result of a multi-headed hybrid failure in all three categories of work.
Successful eDiscovery is a combination of People, Processes and Technology and each component is equally important to execution. In this instance, it is the failure to understand the “Perfect Storm” that will occur repeatedly when all three conditions are not treated with equal respect. All litigation requires Pre-planning to be executed properly and yet planning is something that law firms often don’t feel is necessary and commit minimal resources to.
Don’t get me wrong, technology solutions are often complicated and many in the industry are working to simplify the tools to help eliminate mistakes. But not matter how “simple” the solutions are advertised to be, there is no “Easy” Button in eDiscovery. Technology will always require expertise to use them properly, and if lawyers don’t want to take the time to become experts themselves (many will never be comfortable in the technology arena), they need to align themselves with consultants and partners that do have the expertise. eDiscovery software is just another tool to be used by attorneys; it is not a solution in and of itself. Like any tool, it requires education on the part of attorneys in order to be used properly. And a large part of using a tool is to understand where it fits into the process of litigation.
I view the solution to problems like these is not rocket science. It is the application of a three pronged effort between People, Process and Technology which we already know will work if implemented. In the end, the law is practiced by lawyers and that will never change. Legal judgments will never be replaced by computers, even if and when Artificial Intelligence becomes yet another tool in the field of legal technology. So we need to better educate and train attorneys from both the bar and private providers. And attorneys need to understand that ultimately they are responsible for the work of all their vendors and subcontractors and therefore they must be engaged in all steps of the process. But we need to recognize that most lawyers will never become technologists and therefore the role of consultants will continue to be important both to implement project processes and understand how to use the tools properly. And technology needs to continue to get easier to use and understand, so that the legal “team” does not repeat events similar to the Wells Fargo disaster.