On May 26, the Federal District Court for the Eastern District of Virginia ordered Capital One to produce its cybersecurity incident response report, rejecting the contention that the report was privileged. Capital One had contended that the report was prepared in anticipation of litigation following discovery of its March 2019 data breach, and therefore protected by the work product doctrine. The court concluded that the report had business and regulatory compliance purposes, and that Capital One failed to produce sufficient evidence showing that it would not have been produced in a “substantially similar form” in the absence of anticipated litigation.
Cybersecurity, Privacy, & AI
Trending Now
What Business Leaders Need to Know About Cybersecurity Certification and Enforcement in 2025–2026 • NRC Efficiency Plan to Reuse DOE, DoD Data Met With Skepticism • Closed Briefing Sets Stage For House Hearing On Anthropic’s Mythos and Cyber Risks • CISA, G7 Partners Release AI Software Bill of Materials Guidance • OMB to Refresh the Federal IT Dashboard
Federal Court Holds Outside Cybersecurity Response Report Not Privileged
QualityHD | Shutterstock
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.