While the attorney-client privilege generally applies to communications between an attorney and a client for the purpose of seeking or rendering legal advice, no approach to preserving privilege in an audit or internal investigation will be “bulletproof,” cautioned Michael B. Hayes, a partner at Montgomery McCracken. In a recent program sponsored by Strafford CLE Webinars, Hayes and Baker Donelson shareholder Kenneth E. McKay took a deep dive into how and when privilege and attorney work product protections apply in connection with internal investigations and audits and the critical issues that arise when claiming those protections. We present the key takeaways from their presentation. In an upcoming article, we will further address the privilege issue with our in-depth analysis of a Virginia federal magistrate’s ruling in In Re: Capital One Data Security Breach MDL that a cybersecurity firm’s incident report is discoverable. See “Preserving Privilege in Communications Involving In-House Counsel” (Feb. 27, 2019).