On May 26, the District Court found In Re: Capital One Consumer Data Security Breach Litigation that a report prepared by Mandiant concerning the Capital One data breach was not protected by the work product privilege and must be turned over to the plaintiffs, on the grounds that it was not substantially different from a routine security investigation, even though it was commissioned by outside counsel. Jeffrey Heuer suggests measures to take to avoid this situation, such as reviewing past work relationships to ensure that post-breach engagements are not too similar to routine work, and even hiring separate firms for litigation and breach mitigation.
Cybersecurity, Privacy, & AI
Trending Now
Agriculture Department Kicks Off $300M Palantir Deal on IT, National Security Work • Vercel Attack Fallout Expands to More Customers and Third-Party Systems • Seeing the Cyber in Economic Statecraft • Responding to a Data Breach: How to Preserve the Attorney-Client Privilege • NIST Cyber Center to Launch OT ‘Visibility’ Project
Breach Report In Capitol One Litigation Not Privileged
QualityHD | Shutterstock
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.