Though it quickly recovered, Bank of America's share price declined earlier this week on speculation that the company is the bank whose internal documents WikiLeaks intends to post on the Internet at some future date. According to news reports, the WikiLeaks founder Julian Assange has asserted that he has five gigabytes of Bank of America documents, which translates to roughly 600,000 pages of information. Assange has asserted that the documents to be disclosed contain highly damaging information.
Assange is a master of bombastic overstatement (as well as a world champion self-promoter). But let's assume for the sake of discussion the documents are as revealing as Assange has tried to suggest and also assume that the documents do relate to Bank of America.
The WikiLeaks disclosure of internal company information potentially could have a couple of immediate litigation related impacts. First, to the extent relevant, the documents could affect the vast of amount of litigation that is pending against Bank of America as a result of the company's takeover of Merrill Lynch or relating to other business activity before and during the financial crisis. It is entirely possible the revelations could aid the plaintiffs in these various cases.
On the other hand, and to the extent the documents relate to events or activities about which there has previously been no prior company disclosure, the WikiLeaks disclosure potentially could lead to entirely new litigation unrelated to existing cases. Were that to occur, the lawyers for the prospective plaintiffs' complaint drafting would be substantially aided by the disclosures of internal company documents.
The potential revelation of internal company documents that were never intended for public consumption could also lead to a wide variety of other types of claims. If the company were to be harmed in some way by the ultimate revelation - say, for example, by a stock price drop or by reputational damage - shareholders might well file claims against senior company officials for failing to implement controls to prevent this kind of disclosure or for misrepresenting the quality of controls that were in place.
Depending on the type of information revealed, there could be other types of claimants. For example, customers, vendors or competitors about whom damaging information is revealed could well file suits seeks damages for the company's failure to prevent the revelations.
It is one thing to consider these possibilities exclusively within the context of the threatened disclosure of Bank of America documents. It is something else entirely to consider the possibility that the threat of this type of guerilla disclosure of internal corporate documents represents a new and serious exposure for all companies. After all, what Assange is now threatening to do to Bank of America could be repeated against other companies by other zealots who somehow get access to internal communications.
At a minimum, it seems likely that companies and their senior executives may be mobilized to undertake vigorous new efforts to prevent future information leaks of this type. The problem for everyone is that, in the U.S. at least, we have proven to have a peculiar talent for overreacting to the most recent security breach. Due to this phenomenon, the unsuccessful efforts of the shoe and underwear bombers have managed to make air travel excruciatingly unpleasant. Corporate (over)reaction to the threatened WikiLeaks disclosure could lead to the imposition of information security constraints that could may daily life for corporate technology users extremely inconvenient and unpleasant.
But beyond the potential operational effects, the threat of this type of information disclosure event could also represent a new category of corporate executive exposure. Shareholders and others may expect company officials to prevent this type of disclosure from happening and may hold the officials accountable if information disclosures occur. Finally, persons whose interests are harmed by disclosures of internal company information could seek to hold the company and its senior executives liable of harm that might arise from this type of disclosure.
It is of course entirely likely that none of these things will ever come to pass. But even if the threatened WikiLeaks disclosure never happens or represents something less than threatened, these risks are still out there lurking in the realm of possibilities.
Put these issues down as one more damned category of things to worry about.
Read the article in its entirety at the D&O Diary, a blog by Kevin LaCroix