Guarding privilege and work product protection are important objectives for investigating companies following a cybersecurity breach. Efforts to maintain confidentiality and privilege, however, are often at odds with the disclosure sought by law enforcement. In a three-part guest article series addressing privilege, Eric J. Gorman and Brooke A. Winterhalter, Skadden partner and associate, respectively, closely examine the interplay between the attorney-client privilege and work product protection on the one hand, and cooperation with the government on the other. This second installment analyzes these issues, and identifies certain steps that companies may wish to take, including strategic negotiation of the information-sharing scope, to try to minimize the risk, and/or extent, of a waiver of the privilege or work product protection while cooperating with the government. See also “Attorney-Consultant Privilege? Key Considerations for Invoking the Kovel Doctrine (Part One of Two)” (Nov. 16, 2016); Part Two (Nov. 30, 2016); “Target Privilege Decision Delivers Guidance for Post-Data Breach Internal Investigations” (Nov. 11, 2015); and “Preserving Privilege Before and After a Cybersecurity Incident (Part One of Two)” (Jun. 17, 2015); Part Two (Jul. 1, 2015).