Kim Peretti will speak on the panel “That’s Secret—Can a Forensic Report be Protected as a Privileged Work Product?” during this conference.
When an organization is subject to cyberattack, its counsel must determine the nature and scope of the incident to assess the extent of the organization’s legal risk and potential liability—civil and regulatory. Counsel relies on the forensic report to make these determinations and advise the client as to its reporting obligations. Plaintiffs will seek to use the forensic report to bolster arguments that the organization’s negligence enabled the successful attack and resulting compromise. Since the organization’s counsel will use this report to guide the client to meet its obligations, the report could be asserted to be protected from disclosure to plaintiffs as attorney-client privileged and attorney work product if counsel had directly engaged the forensic investigators and requested the preparation of the resulting forensic report. However, in May 2020, the U.S. District Court for the Eastern District of Virginia compelled CapitalOne to provide its forensic report to plaintiffs even though CapitalOne’s counsel had engaged the forensic firm that had performed the investigation. And, in January 2021, the U.S. District Court for the District of Columbia rejected arguments that law firm Clark Hill PLC’s forensic report was protected by work product and attorney client privilege and compelled its production to plaintiff. What went wrong?
This session will discuss the factors that have dissuaded courts from considering the reports to be protected work product or attorney-client privileged and will suggest steps that may increase the likelihood of a different result. In addition, it is also common for the organization to use the forensic report as a means of identifying the vulnerabilities that were exploited so that it can mitigate those vulnerabilities. Can the same forensic report serve both purposes and still remain privileged? This session will discuss how it may be possible to establish that the primary purpose of the report is to support the legal activities of counsel even though the report will also guide counsel’s client in mitigating the vulnerabilities that were exploited in the attack.
For more information or to register, click here.