Bar Exam Toolbox Podcast Episode 204: Listen and Learn -- Scope of Discovery and the Work-Product Privilege
Internal Investigations in the Asia-Pacific Region
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Jones Day Presents: Strategies for Dealing with the IRS: The IRS Examination
Day 15 of One Month to Better Investigations and Reporting-the Parameters of Privileges
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
The last two Privilege Points have described yet another losing effort to protect a data breach investigation and related communications. In Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist. LEXIS 217502...more
Companies and even law firms suffer data breaches, and usually claim privilege and work product protection for the inevitable resulting investigation. Unfortunately, courts seem to have rejected such protection claims in all...more
Cyber attacks are increasingly frequent and virulent. An intruder may lurk in a company’s computer system for years, or an attack may be sudden and catastrophic. Millions of people’s personal information and companies’...more
Jerich Beason is joined by Melissa Parisi of Herbalife Nutrition and Caroline Morgan of Culhane Meadows to discuss the topic of retaining privilege after engaging a cyber attorney during or after a cyber incident. An...more
The Middle District of Pennsylvania recently rejected arguments that a report created in response to a data breach was protected as work-product and/or under attorney-client privilege because: The report’s Statement of Work...more
Another district court just ordered the defendant in a data breach class action to turn over the forensic report it believed was entirely protected from disclosure by the attorney-client privilege and work product doctrine....more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
Our Privacy, Cyber & Data Strategy Team delves into how a federal court decided that a data breach forensic report was discoverable despite efforts to protect it under attorney-client privilege and work product protections...more
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report prepared by an external security-consulting firm in data breach...more
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. - In contrast to an...more
On May 26, 2020, in In re Capital One Consumer Data Security Breach Litigation, MDL 1:19md2915 (E.D. Va.) the Federal District Court for the Eastern District of Virginia (Alexandria Division) (Anderson, J.) held that a...more
On June 25, a Federal District Court in Virginia (Anthony J. Trenga, U.S.D.J.) affirmed a Magistrate Judge's Order requiring Capital One to produce a vendor's post-breach forensic report to plaintiffs in a consumer class...more
A May 26, 2020 order by U.S. Magistrate Judge John F. Anderson (E.D. Va.) that attorney work product protection did not preclude production of a forensic vendor's data breach investigation report to plaintiffs in the Capital...more
The United States District Court for the Eastern District of Virginia (Court) has held that a cyber-forensic investigation report was not protected by the attorney work product doctrine and ordered Capital One to produce it...more
In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach. The court ordered the release of the unredacted...more
Requires More than Merely Adding Counsel’s Name to a Forensic Report. Technical investigations conducted following cyber-incidents often have both legal and ordinary-course business purposes. In certain jurisdictions,...more
With significant input from Orrick’s Cybersecurity, Privacy and Data Innovation team, the influential Sedona Conference and its Working Group 11 last week published important guidance on the application of the attorney-client...more
With cybercrime on the rise, organizations have increasingly found themselves subject to litigation or regulatory investigations related to breaches. Documents and information created before breaches, such as security...more
Despite considerable incident response work after numerous alleged data breaches, very few opinions have addressed the application of attorney-client privilege and the work-product doctrine to the materials created by such...more
Those following developments in the data breach litigation space will be interested in the recent decision, In re Experian Data Breach Litigation (In Re Experian), where the California District Court upheld a privilege claim...more
A recent opinion from the District Court for the Central District of California in In re Experian Data Breach Litigation offers some examples of best practices for establishing the work-product privilege over certain...more
One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. ...more
In this edition of our Privacy and Cybersecurity Update, we take a look at the Trump administration's executive order outlining its cybersecurity plans, Acting FTC Chairwoman Maureen Ohlhausen's comments on the possible...more