March 11, 2015 Articles

How to Preserve Privilege During Data Breach Investigations

What steps should a corporation take after a cyber attack?

By Leslie C. Thorne and Laurel D. Brewer

Every month, news reports emerge about another high-profile data breach. From Target to Sony, the recent increase in cyber attacks is impossible to ignore. But this raises the question: What are the steps that should be taken after the data breach occurs and a corporation is left to deal with the consequences? Of course, corporations are concerned with stemming the breach and investigating how the hack occurred. These tasks are obviously important, but an immediate, vital step can be overlooked: hiring legal counsel. While the affected company is a victim of a crime and should consider its remedies from that perspective, many breaches also subject the company to its own liability.

Depending on the circumstances, the targeted company may find itself a defendant in suits brought by everyone from consumers to shareholders to credit card companies. As soon as a breach occurs, companies should engage legal counsel to develop a legal strategy to deal with these various risks. But, equally important, immediately hiring a law firm enables the corporation to claim both attorney-client privilege and work-product protection from day one. By securing counsel early on and making that counsel an integral part of the investigation process, a corporation can limit the discovery into its investigations.

Premium Content For:
  • Litigation Section
Join - Now