Bar Exam Toolbox Podcast Episode 204: Listen and Learn -- Scope of Discovery and the Work-Product Privilege
Internal Investigations in the Asia-Pacific Region
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Jones Day Presents: Strategies for Dealing with the IRS: The IRS Examination
Day 15 of One Month to Better Investigations and Reporting-the Parameters of Privileges
Litigants in data breach class actions often fight over whether a data breach investigation report prepared in response to the breach is protected by the work-product doctrine. Common areas of dispute include whether the...more
Communication during a data breach is challenging in the best of circumstances, and control of information, especially early in a breach response, is critical. Below are some DOs and DON’Ts for communicating during a data...more
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
The last two Privilege Points have described yet another losing effort to protect a data breach investigation and related communications. In Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist. LEXIS 217502...more
Last week’s Privilege Point described a data breach victim’s latest losing effort to claim privilege protection for its consultant’s investigation report. Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist....more
Companies and even law firms suffer data breaches, and usually claim privilege and work product protection for the inevitable resulting investigation. Unfortunately, courts seem to have rejected such protection claims in all...more
Earlier this year, following oral argument and 16 amicus submissions, the Supreme Court dismissed as improvidently granted (“DIG”) a writ of certiorari on the issue of whether communications involving both legal and non-legal...more
In our last newsletter, we analyzed the reluctance of courts to apply privilege to the work of forensic computer consultants following data breaches. Here, we address often unavailing efforts to fit communications with...more
Cyber attacks are increasingly frequent and virulent. An intruder may lurk in a company’s computer system for years, or an attack may be sudden and catastrophic. Millions of people’s personal information and companies’...more
Organizations experiencing a security incident must grapple with numerous competing issues simultaneously, usually under a very tight timeframe and the pressure of significant business disruption. Engaging qualified service...more
Jerich Beason is joined by Melissa Parisi of Herbalife Nutrition and Caroline Morgan of Culhane Meadows to discuss the topic of retaining privilege after engaging a cyber attorney during or after a cyber incident. An...more
The Middle District of Pennsylvania recently rejected arguments that a report created in response to a data breach was protected as work-product and/or under attorney-client privilege because: The report’s Statement of Work...more
Another district court just ordered the defendant in a data breach class action to turn over the forensic report it believed was entirely protected from disclosure by the attorney-client privilege and work product doctrine....more
Let us assume a company has done all the right things. Preemptive security was a concern, so the company tightened up its written cybersecurity controls and associated technical controls, including policies and...more
In the wake of a data breach, counsel will often require the assistance of a forensic firm in order to provide legal advice to their client. The forensic analysis—which is often memorialized in a report to counsel—is crucial...more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
Our Privacy, Cyber & Data Strategy Team delves into how a federal court decided that a data breach forensic report was discoverable despite efforts to protect it under attorney-client privilege and work product protections...more
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report prepared by an external security-consulting firm in data breach...more
On January 12, 2021, the United States District Court for the District of Columbia joined the growing list of courts that have held that reports generated by third-party forensics firms in response to a cyberattack are not...more
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. - In contrast to an...more
The answer, maybe, but it depends on the facts in each case. Merely because a company has its outside legal counsel directly retain a third party service provider for an incident response, i.e., digital forensics, does not...more
On May 26, 2020, in In re Capital One Consumer Data Security Breach Litigation, MDL 1:19md2915 (E.D. Va.) the Federal District Court for the Eastern District of Virginia (Alexandria Division) (Anderson, J.) held that a...more
On June 25, a Federal District Court in Virginia (Anthony J. Trenga, U.S.D.J.) affirmed a Magistrate Judge's Order requiring Capital One to produce a vendor's post-breach forensic report to plaintiffs in a consumer class...more
On May 26, 2020, a United States Magistrate Judge in the Eastern District of Virginia ordered Capital One to disclose to class action plaintiffs a report prepared by Mandiant, a cyber forensics firm, for Capital One’s outside...more