Expert Opinion

Courts have sometimes ruled that forensic investigations of a breach are protected by the rules of attorney-client privilege or work-product protection, and therefore, are shielded from the discovery process. However, a Virginia district court ordered Capital One to release cybersecurity reports and documentation following a data breach. Taft attorneys offers suggestions businesses and their legal teams […]

Recently a federal court compelled production of a breach report performed by an incident response consultant, calling into question the scope of protection by attorney-client privilege and/or work product doctrine, for data breaches and possibly other corporate investigations. Kelley Drye discusses the background and rationale that led to the Court’s finding, and offers advice concerning […]

As the July 1 CCPA enforcement date looms, Baker Donelson’s Alexander Koskey identifies some notable items that your business should be thinking about for the CCPA: Disclosures regarding the collection and use of personal information Privacy policies Service providers Financial incentives Procedures for handling consumer requests Your employees The applicable scope of exemptions More at […]

The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union’s General Data Protection Regulation. It states that “even in these exceptional times, the protection of personal data must be upheld in all emergency measures,” […]

In the detailed summaries of comments to the final California Consumer Privacy Act regulations, responses from the California Office of the Attorney General indicate that some of the areas and issues flagged in the comments may warrant additional, future regulations. Areas include the scope of the law, clarity in the definition of “sale” and other […]

In Emirate Distributors Ltd v. AALL & Zyleman Co Ltd, Hong Kong’s High Court considered the standard of the duty of care owed to the two plaintiff companies in a cyberfraud by the defendant management and secretarial service company and its three employees, who were also nominee directors of the plaintiffs. Although the directors were […]

The U.S. medical and pharmaceutical industries have long been targets of cyber espionage, but the current health crisis substantially raises the threat for a variety of reasons. The most obvious reason is the value of COVID-19 related research, whether related to a vaccine or otherwise. Less obvious is the risk that companies may let their […]

In a letter to California’s Attorney General, a group of businesses and trade associations cited the COVID-19 crisis as having “encumbered businesses in their earnest efforts” to create CCPA compliant programs, and requested a delay in enforcement, which the AG denied. The group Californians for Consumer Privacy has announced the submission of more than 900,000 […]

The Belgian Supervisory Authority fined a politician €5,000 for sending political marketing materials without an appropriate legal basis. Although the fine was not massive, the case is interesting because the complaint was brought not by the individuals who received the marketing materials, but by their employer, whose employee list the politician had acquired. The legislative […]

Legal observers have reacted with surprise to recent decisions finding that the work-product doctrine did not apply to a report written by a forensic investigation firm that had been engaged by a law firm on behalf of their client. Baker Hostetler argues that while there are legitimate grounds for criticizing the analysis behind these decisions, […]