Wells Fargo apologizes for spilling trove of data on wealthy clients

In what can only be described as a true awh-shucks moment, Wells Fargo & Co finds itself offering apologies to approximately 50,000 Wells Fargo Advisors clients whose information was inappropriately shared by Wells Fargo outside counsel, Angela Turiano of Bressler Amery Ross, to an ex-Wells Fargo employee’s attorney, Allen Miller, as part of the electronic discovery (e-discovery) response to a subpoena request for information.

While it is possible that the 50,000 clients’ accounts were all part of the fraternal squabble and litigation between one of the Sinderbrand brothers (Gary Sinderbrand, an ex-employee, and Steven Sinderbrand, an active Wells Fargo financial advisor) and Wells Fargo over the payment of commissions and fees in support of these high-end investors, that’s a lot of data to mishandle.

To create a disk with 1.4GB of data (which equates to approximately 14,000 documents) is not an insignificant electronic litigation support task.

We learn from the New York Times that the unidentified “vendor” conducting the e-discovery process was thrown under the bus by Wells Fargo’s outside attorney, Turiano, in her email to Miller in which she addresses the error.

We went through a long process of a very large email review with an outside vendor with instructions on exclusion which was spot checked. Clearly there was some type of vendor error — which I am confirming now.

How e-discovery is supposed to work

For those unfamiliar with how the e-discovery process works within a large enterprises, let’s review. A request is made by opposing counsel – often in the form of a subpoena. The request is reviewed for appropriateness and scope, and then determination is made as to the existence of the data. Once the data is identified, if appropriate, the data is pulled and isolated.

Once isolated, a work copy is created (preserving the original) and then the data is painstakingly reviewed for applicability specific to the outstanding request.

Then the information is compiled and shared with the requesting party in the most secure manner available.

How it worked in this instance

In this instance, accepting Turiano’s explanation, the information was identified and isolated, and compiled. Indeed, she notes the process included a laborious email review and guidance provided to their vendor on exclusions. Then the information was “spot-checked”.

The non-excluded information was then copied to the disk (1.4GB) and provided to opposing counsel. The information, according to the NYT, which reviewed the data firsthand, includes customer names, social security numbers, financial details, portfolios and fees which the bank charged the clients.

Wells Fargo, damage control

Wells Fargo, once notified, went into crisis control mode, given that Miller had shared the information with the NYT and has not return it to Turiano. Wells Fargo filed suit to compel Miller to return the information that had been mistakenly shared by their outside counsel, Turiano.

Wells Fargo then acknowledged the e-discovery error, saying:

We take the security and privacy of our customers’ information very seriously. Our goals are to ensure the data is not disseminated, that it is rapidly returned, and that we ensure the discovery process going forward in the cases is working as it should.

Does this happen often?

Thankfully it doesn’t, even though the e-discovery process is challenging for companies, regardless of size.

A high-profile case that  had its genesis in an inadvertent provision of material during the discovery process involved Hilton Hotels & Resorts Worldwide and Starwood Hotels in 2009-10. Hilton’s attorneys provided information to Starwood in support of a compensation case between a former Starwood employee, who was now a Hilton employee.

When the information arrived at Starwood, the team there discovered that the attorney had provided boxes of documents containing the entire plan for Starwood’s W-hotel concept. The ensuing corporate espionage case brought to a halt Hilton’s Denizen brand. The 100,000-plus documents stolen by the two departing Starwood employees were returned, and according to the New York times, Starwood received $75m in compensation and $75m in hotel management fees from Hilton.

The task of performing discovery within corporations is not for the faint of heart, especially in the age of electronic data. Use of third party-vendors and outside counsel is quite normal.

The ERDM (electronic records document management) requirements in support of litigation are arduous for companies of all sizes. While it is one thing to identify the existence of items germane to given litigation, it is another to process the information.

Companies would be well served to have in place an audit capability for both inside and outside counsel (and vendors) to ensure there is visibility into the ERDM and e-discovery process from beginning to end, with emphasis on accomplishing the process in the most secure manner possible.


from Naked Security – Sophos http://bit.ly/2h5GnbN
via IFTTT

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s