With the looming threats of post-breach litigation and regulatory enforcement actions, preserving privilege in connection with a company’s cybersecurity efforts – both before and after an incident – is critical to encouraging openness in assessing and addressing a company’s vulnerabilities.  Unless companies take the proper steps, however, communications and other documentation that could have been protected by the attorney-client and work product privileges will be open to discovery.  The first part of the Cybersecurity Law Report’s series on preserving privilege addressed pre-incident response planning and testing activities.  This article, the second part of the series, addresses how to retain privilege during post-incident response efforts.