The last two Privilege Points have described yet another losing effort to protect a data breach investigation and related communications. In Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist. LEXIS 217502 (W.D. Wash. Dec. 6, 2023), the court denied the company’s privilege and work product claims — specifically rejecting its efforts to
Tom Spahn
Tom practices as a commercial litigator. He regularly advises Fortune 500 companies on such high-stakes issues as properly creating and preserving the attorney-client privilege and work product protections when conducting corporate investigations, when hiring outside consultants, when dealing with the government, and during other daily and extraordinary situations. He also advises in-house counsel on ethics issues, including conflict of interest, confidentiality, and dealing with corporate wrongdoing.
Can Any Data Breach Investigation Report Deserve Protection? Part II
Last week’s Privilege Point described a data breach victim’s latest losing effort to claim privilege protection for its consultant’s investigation report. Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist. LEXIS 217502 (W.D. Wash. Dec. 6, 2023). Before bluntly rejecting McMenamins’ privilege claim, the court spent more time analyzing its work product claim…
Can Any Data Breach Investigation Report Deserve Protection? Part I
Companies and even law firms suffer data breaches, and usually claim privilege and work product protection for the inevitable resulting investigation. Unfortunately, courts seem to have rejected such protection claims in all but a few cases. Most of the other data breach victims have tried to emulate two of the winners, but have failed.
In…
Another Company Loses a Data Breach Investigation Work Product Claim
One might think that any company reasonably anticipates litigation after suffering a data breach, so the work product doctrine would almost inevitably protect its data breach investigation. But only a handful of companies have succeeded in claiming such protection.
In In re Rutter’s Data Security Breach Litigation, Civ. A. No. 1:20-CV-382, 2021 U.S. Dist.…
Data Privacy Day 2021: Privacy and Cybersecurity Are On Our Minds, Too
Data privacy is a top concern for many in-house legal professionals – and for good reason – data privacy and cybersecurity legal requirements are complex and continually evolving. Data Privacy Day is a great day to start addressing your organization’s data privacy and cybersecurity needs.
On Data Privacy Day 2021, here is what is top of mind for some of our Data Privacy & Security Team members:
- Andrew Konia – A Federal Privacy Law: “Calls (pleas?) for federal privacy legislation are nothing new, and last year we came close, with both parties presenting draft bills for consideration (surprise, neither passed!). But now, with the White House and both chambers of Congress under Democratic control, there appears to be renewed (and more serious) interest in a federal privacy law. We have seen (admittedly narrow) hints of the federal government taking a stronger stance on cybersecurity standards with the IoT Cybersecurity Improvement Act of 2020, which applies to federal agency purchases. But you take the recent and intense backlash on “Big Tech’s” use/sharing of data and perceived lack of data transparency, and mix in the Biden Administration’s prioritization of consumer protection generally, and you have the recipe – and a strong political appetite – for a comprehensive federal privacy law.”
- Bethany Lukitsch – California: “CPRA will be here before we know it, and most companies are going to have a lot to do to get ready. Updating privacy policies and adding ‘do-not-share’ links are one thing, but as with CCPA, it’s the behind-the-scenes work that is really going to take some time. It’s certainly not too early to get started.”
Continue Reading Data Privacy Day 2021: Privacy and Cybersecurity Are On Our Minds, Too
Putting Lawyers in Charge of Investigations Does Not Assure Privilege Protection
Corporations’ investigations generally deserve (1) privilege protection only if the corporations are primarily motivated by their need for legal advice; and (2) work product protection only if they are motivated by anticipated litigation, and the company would not have created the investigation-related documents in the same form but for that anticipated litigation.
In In re…