If you need a reason to get your ducks in a row with the handling of electronic information, here’s your wake-up call.
It’s been a week since a lawyer disclosed the names of 50,000 of Wells Fargo’s customers and some of their personal financial information, in response to a subpoena. And ever since I first saw the story in the New York Times, I have had one question: what kind of jackass calls the New York Times and shows them the information AFTER the lawyer has recognized the issue and asked for the data back?
I mean, if the lawyer blew off the significance of the issue, okay. And yes, there are some confidentiality protections that could have been implemented more effectively, but she didn’t skip that issue entirely. You would risk ruining a lawyer’s career for what? Fifteen minutes of fame? I sincerely hope that you never make a mistake or need someone to give you a break in the future, because chances are good that you just blew it.
Now that is off my chest, let’s be real. If ever there was a time to use the word “epic” with “blunder,” this would be it. This is a lawyer’s worst nightmare. And, while it’s easy to sit back and criticize what happened here, I am quite sure that every single lawyer and legal support professional who has read about it had the same “there but for the grace of god go I” moment.
Every mistake has its built-in lesson, so here it is: if you need a reason to get your ducks in a row with how you are handling electronic information, here’s your wake-up call.
This situation could have been easily avoided with better processes and communication. I’ve had it happen with outside counsel recently — they didn’t realize there were still 200+ documents to review, and our PM let them know there was a set left to review. It wasn’t an issue because we were constantly monitoring the review. No one is perfect here.
So, how could this be avoided? I reached out to a few experts in the field to help me put together a list of 5 Tips on How to Avoid Your Wells Fargo Moment:
1. Remember, you get what you pay for. Now it may not be the case here, but clients always want to save on ediscovery-related costs, and rarely understand what takes so much time. Shawn Huston, of LSP Data Solutions, noted that these inadvertent production situations are not uncommon and often happen when a party is trying to cut corners. It takes time to review and re-review for QC, and time is money. This was a third-party subpoena, not a response by a party to litigation, so cost pressures might have been stronger here. Everyone in ediscovery knows and feels the weight of cost pressures. “Do the perfect job, and do it as inexpensively as possible” seems to be the mantra. Nothing like asking the impossible. And then asking for it to be even less expensive next time.
2. Make sure the team handling the review and production (lawyers, in-house IT and vendors) is experienced, knows the technology, and the potential pitfalls. Just from what we know, it sounds like the knowledge and experience were lacking in this instance, and this cannot be overlooked. The round number of 1,000 documents reviewed, no issues raised from the vendor about the lack of review or marking of the remainder of the documents being produced, and no confidentiality designations imposed — this all spells TROUBLE. Caroline Sweeney, Global Director of E-Discovery & Client Technology Services for Dorsey & Whitney, says says her normal practice is to withhold any production until the protective order or confidentiality agreement is in place, and potentially also seek a privilege clawback and FRE 502(d) order precluding parties from using privileged information. Sweeney also noted that technologies like auto-redaction/pattern matching tools allow you to automatically find Social Security numbers and redact that content. I’ve seen many situations where the lawyers are not up to snuff on what needs to be done for a production, and are saved by a great project manager. (See #5 below.)
3. Vendor/lawyer communication is critical and cannot be overlooked or done halfway. The lawyer here said she thought the vendor was going to do the redactions on the documents flagged to be redacted. That doesn’t make any sense, and it’s a great example of the required communication for success. How can a vendor be responsible for redacting documents when it doesn’t know what to redact? According to a Senior Discovery Attorney at an Am Law 100 firm, “Vendors generally operate at the direction of the legal team” and require “clear direction” to assemble a team and redact documents. Mean emails at 11 p.m. and treating your vendor horribly are not considered effective communication. And vendors, passive-aggressive behavior won’t win you favors and influence anyone to rehire you. You are a team, but a team is only as good as its weakest link.
4. You need processes in place for review, production and QC, and clear-cut responsibilities about who is doing each and to what level.Sweeney points out that while the lawyer here suggests the vendor erred in putting out the production, “there is a responsibility of the firm representing the client to ensure the vendor correctly follows procedures.” All three of my experts agreed that a spot check of the production would have uncovered these issues, if done thoroughly.
5. Do not underestimate the value of an amazing project manager, and make sure you have one on YOUR payroll. In my view, the vendor should have never let this production go out the door with unreviewed documents or asking whether confidential designations needed to be applied. A good project manager would have reviewed to make sure all documents had been tagged, reviewed (that shows up on the admin console, people), marked for redaction, actually redacted, and given any appropriate designations.
This stuff isn’t easy, folks. You need the right people who know what they are doing paying the right amount of attention. And you need to stop calling the New York Times when a colleague screws up. Grow up.
NEW: eDiscovery Events
I’ve heard from many of you that you can’t keep track of the great events happening around the country. So, I’ll try to start mentioning some of them here. Send me an email with the details of the event, and I’ll check it out and include it if it makes sense for ATL.
While you fill up my inbox, you can register for the second edition of eDTalks, sponsored by Georgetown Law and Exterro. The event is a series of three eDTalks, in the style of TEDTalks. I’ll be speaking on The Power of ESI to Tell a Story, Ron Hedgesof Dentons will talk about the admissibility of ESI, and Robert Keeling of Sidley will discuss predictive coding. You can register here. We start at 2:30 EDT/12:30 CDT TODAY, August 1st.
This article first appeared on Above the Law.