Preserving Privilege Before and After a Cybersecurity Incident (Part One of Two)

The attorney-client and work product privileges are powerful tools that assist companies in honestly examining cybersecurity gaps, preparing for incidents, and responding to breaches without concern that discussions and recommendations about a company’s vulnerabilities will be subject to future litigation.  Those privileges are “a way of fostering an open consideration of the issues without fear it will necessarily have ramifications,” Alexander Southwell, a partner at Gibson Dunn, told the Cybersecurity Law Report.  Preserving the privilege when preparing for a breach, however, is difficult unless a company properly distinguishes legal analysis from regular operational tasks.  This article, the first of a two-part article series, addresses steps companies should take to preserve privilege in pre-incident response planning and testing activities.  The second part will address how to retain privilege during post-incident response efforts.  

To read the full article

Continue reading your article with a CSLR subscription.