With the looming threats of post-breach litigation and regulatory enforcement actions, preserving privilege in connection with a company’s cybersecurity efforts – both before and after an incident – is critical to encouraging openness in assessing and addressing a company’s vulnerabilities. Unless companies take the proper steps, however, communications and other documentation that could have been protected by the attorney-client and work product privileges will be open to discovery. The first part
of the Cybersecurity Law Report’s series on preserving privilege addressed pre-incident response planning and testing activities. This article, the second part of the series, addresses how to retain privilege during post-incident response efforts.