Wells Fargo is yet again in a crisis. This time an Attorney hired by Wells Fargo inadvertently releases trove of data on some of its most wealthy clients. How could this happen, you may ask? For international businesses, especially Japanese companies operating in North America, understanding this Wells Fargo fiasco should cause alarm. In the US, there is a system called electronic discovery, or E-Discovery for short. Before discussing the system, let’s spend a few moments discussing some general facts about this Wells Fargo data breach.
The story began when a lawyer for Gray Sinderbrand, a former Wells Fargo employee, submitted a subpoena to the court. The beginning of the process started with the submission of a subpoena to the court to order Wells Fargo to produce electronic evidence relevant to the allegation. In the United States there is a pre-trial procedure in a lawsuit called E-Discovery in which each party can obtain evidence from the other party. In the case of Wells Fargo, the plaintiff filed a request for disclosure of evidence and the defendant, Wells Fargo, submitted the document in response to that request. However, this time, Wells Fargo submitted a trove of confidential information pertaining to 50,000 ultra-high-net-worth clients by accident. The disclosure was a mistake, as it turned out. Nonetheless, the data was produced to the other side.
As someone who once worked directly with a Japanese billionaire, this story immediately caught my attention. I attended to his family office and managed over a billion dollars by using financial institutions in Japan, the US and Europe. When this story broke the news, I immediately thought about how this would impact my previous boss and his family assets. This is very sensitive information but as a result of this Attorney, (or her vendor) resulted in a massive breach of client information.
The Wells Fargo story teaches us about the importance of proper quality control, data management and E-Discovery competence. What if this was a major Japanese institution or a global pharmaceutical and outside counsel inadvertently disclosures sensitive trade secrets?
Disclosing Japanese Documents
The Wells Fargo data breach demonstrates the failures on the part of Wells Fargo’s outside counsel, Angela Turiano, in understanding the basics of E-Discovery. Even if Wells Fargo’s Attorney was not to blame, there is a basic responsibility on the part of the Attorney to ensure that if they lack the expertise, that they should seek the proper personnel to assist. In an affidavit filed with the court, she explains the situation this way:
“Unbeknownst to me, the view I was using to conduct the review has a set limit of documents that it showed at one time… I thought I was reviewing a complete set, when in fact, I only reviewed the first thousand documents.”
Let’s See the Story from a Different Angle
43 companies, 64 people, and over 2.9 billion dollars in penalties. Do those numbers ring a bell? For those wondering what all this means, let me explain.
These numbers represent the number of automobile-related companies prosecuted by the United States by cartel action enforcement, the number of Japanese nationals who were indicted and the total amount in fines in US dollars. This is just in the auto-parts cases. If you add semiconductors and pharmaceutical companies that are also subject to investigation and prosecution by the US authorities and subsequent follow-on class actions, the amount of money spent on litigation fees, vendors to manage E-Discovery and settlement, the numbers are astronomical.
Based on these circumstances in recent years, Japanese companies operating in the United States have been trying to understand the various laws that govern business transactions in the United States, especially anti-trust laws and particularly this foreign concept known as discovery. As it turns out, the discovery support business in the US is a multi-billion-dollar industry. While most information related to US discovery and the management of documents that inevitably get exchanged during litigation or investigation related discovery concerns the technology used to sort and process data, very little is discussed as it relates to the human review and categorization of the electronically stored information (known as ESI). This process is often overshadowed by the admittedly sexier discussion on topics like AI, Internet of Thinkgs (IoT), blockchain technologies or Analytics. My observation is that no matter how successful your technology-based application, there will be a need for a quality-oriented review workflow that will require bilingual eyes on documents. In other words, a professionalized services operation that leverages existing technologies to review and categorize large volumes of sensitive data.
Avoiding the Wells Fargo Mistake
Let’s briefly return to the Wells Fargo case. The data that Wells Fargo’s outside counsel sent to the plaintiff side was approximately 1.4 gigabytes. In today’s world of big data, this is a very small corpus of data. Think of this 1.4 gigabytes in a different perspective. Allow me to convert this data set into actual number of documents for purposes of illustration.
The ratio of the data size and the document numbers very due to the file format and some other aspects. I will model my analysis from a report published by John Tredennick, CEO of Catalyst, to help understand how many documents a particular gigabyte may contain. In a nutshell, a gigabyte is approximately 4,000 to 5,000 documents. Assuming this to be the case, the actual number of documents in 1.4 gigabytes is rather manageable. Perhaps 1 or 2 Attorneys can properly review and quality control such a small corpus. In the Wells Fargo case, the Attorney stated that: “I thought I was reviewing a complete set, when in fact, I only reviewed the first thousand documents.” To add insult to injury, there were no confidentiality protection or redaction of client information. As a result, all this data on Wells Fargo’s wealthy clients was produced.
Imagine a case where the amount of data to review is a couple hundred gigs and in Japanese. This number is not unusual, especially considering the amount of data that is created daily by large corporations by way of emails, internal chats, Line messaging, reports, memos, PowerPoint presentations, etc. Unfortunately, the reality of document review (the reviewing of corporate documents) is little known in both the United States and Japan. What I mean by this assertion is that the actual process of assembling teams, quality controlling their work and assessing general aptitude is simply assumed to occur. This may be the case in English, but I can say that in non-English matters, I’m afraid this does not happen in practice. In my next post we will discuss the role of document review, but more particularly non-English document review. The Wells Fargo case illustrates that even in a small data set, there are major mistakes that happen, even with English-language documents. One can only imagine when you’re handling foreign language data such as Japanese or Chinese.