attorney-client privilege

Last week’s Privilege Point described a data breach victim’s latest losing effort to claim privilege protection for its consultant’s investigation report. Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist. LEXIS 217502 (W.D. Wash. Dec. 6, 2023). Before bluntly rejecting McMenamins’ privilege claim, the court spent more time analyzing its work product claim

Companies and even law firms suffer data breaches, and usually claim privilege and work product protection for the inevitable resulting investigation. Unfortunately, courts seem to have rejected such protection claims in all but a few cases. Most of the other data breach victims have tried to emulate two of the winners, but have failed.

In

One might think that any company reasonably anticipates litigation after suffering a data breach, so the work product doctrine would almost inevitably protect its data breach investigation. But only a handful of companies have succeeded in claiming such protection.

In In re Rutter’s Data Security Breach Litigation, Civ. A. No. 1:20-CV-382, 2021 U.S. Dist.