Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Focusing on the primary purpose: Protecting the attorney–client privilege and work product doctrine in incident response
Cyber Security: A Peer-Reviewed Journal,
5
(4),
324-334
(2022)
Abstract
Organisations responding to cyber security incidents must manage their incident response efforts while maintaining two critical legal protections: the attorney–client privilege and the work product doctrine. This paper analyses how the attorney–client privilege and the work product doctrine, when properly maintained, prevent information regarding an organisation’s thoughts and discussions from being disclosed or used in subsequent proceedings. It discusses how recent judicial decisions analysing the application of these two doctrines have emphasised the importance of seemingly minor details that may be overlooked during incident response efforts that can have significant consequences in subsequent legal actions when asserting protections. In particular, courts will focus on the stated purpose for any step in the incident response process (eg business versus legal), and any discrepancies between the stated purpose and conduct can have disastrous effects on future claims of protection in legal proceedings. This paper puts forward that organisations should craft incident response plans with the maintenance of these protections in mind. Practical steps organisations can take include carefully scrutinising the language in retainer agreements, involving in-house or outside counsel at the earliest opportunity, limiting the disclosure of privileged materials, and exercising caution when documenting during incident response. After-the-fact attempts to shield the results of any investigation from opposing parties in litigation are rarely successful, so organisations should take affirmative steps to ensure the vitality of these two critical legal protections from the earliest stages of incident response, which start with the planning and preparation.
Keywords: attorney–client privilege; work product doctrine; privacy; disclosure; incident response; protection
The full article is available to subscribers to the journal.
Author's Biography
Ashley Taylor Ashley L. Taylor, Jr. is a Partner at Troutman Pepper who focuses his practice on federal and state government regulatory and enforcement matters involving state Attorneys General, the Consumer Financial Protection Bureau and the Federal Trade Commission. Ashley has in-depth experience handling consumer protection issues and defends companies against a variety of enforcement actions brought by state and federal regulators, and in claims including marketing and advertising representations, statutory disclosures, unfair or deceptive acts or practices and data security breach response.
Ron Raether leads the Cybersecurity, Information Governance and Privacy group and is a Partner in the Consumer Financial Services practice group at Troutman Pepper. Ron is known as the interpreter between businesses and information technology and has assisted companies in navigating federal and state privacy laws for over 20 years. Ron’s understanding of technology leads him to be involved in legal issues that cross normal law firm boundaries, including experience with data security, data privacy, patent, antitrust, and licensing and contracts. This experience allows Ron to bring a fresh and creative perspective to data compliance issues with the knowledge and historical perspective of an industry veteran.
Sadia Mirza is a member of the Cybersecurity, Information Governance, and Privacy team at Troutman Pepper and dedicates her practice to counselling clients on cutting-edge privacy and cyber security issues. Clients turn to her for compliance counselling, pre-incident response planning and preparedness, and also call her when the first sign of a security incident/data breach appears. Given her years of experience coaching clients through security incidents, Sadia is heavily involved with data breach regulatory and litigation matters, which gives her a 360-view and understanding of the issues most important and relevant to her clients.
Sam Hatcher is an Associate in Troutman Pepper’s Business Litigation practice. He completed his Juris Doctor cum laude from University of Georgia School of Law, where he served as senior articles editor for the Georgia Journal of International and Comparative Law. Sam also competed in the Philip C. Jessup International Law Moot Court Competition and was a member of the E. Wycliffe Orr Inn of Court.
Bonnie Gill is an Associate in Troutman Pepper’s White Collar and Government Investigations practice. She represents clients facing state and federal regulatory investigations and enforcement actions, as well as related civil litigation. She also advises clients on internal investigations and corporate compliance.
