A financial institution has asked a Virginia federal court to overturn a magistrate judge’s order to disclose its forensic report, detailing its 2019 data breach. If your company experiences a data breach, it is imperative to immediately retain outside counsel who understands the nuances of cybersecurity events and attorney work product privileges. Here we provide the following practical takeaways:
- Ensure that your outside counsel retains a cybersecurity vendor with which you have no preexisting relationship.
- Consider preemptively retaining a second cybersecurity firm for litigation-related investigations.
- Change your approach to vendors with a preexisting relationship.
- Use the report only for litigation purposes, and limit its disclosure to necessary individuals.
- Pay for litigation-related cybersecurity services from your litigation or legal budget.
Details of this case and steps to help ensure that your forensic report is privileged are available in the post, Capital One Objects to Magistrate Judge’s Ruling Its Forensic Report Discoverable: Here are the Practical Takeaways, on our new sister blog, Consumer Privacy World, Squire Patton Boggs one stop shop consumer privacy litigation news.