As we previously reported, the Magistrate Judge in In re: Capital One Customer Data Security Breach Litigation, found that a forensic report that Capital One had claimed was protected by the privilege and work product doctrines needed to be produced because Capital One had not met its burden under the dual-purpose doctrine to show that the report was protected. In re: Capital One Customer Data Sec. Breach Litig. (“Magistrate’s Order”). The forensic report at issue (the “Report”) related to a 2019 data breach where a hacker purportedly accessed and stole highly sensitive customer information from Capital One’s online cloud environment (the “Breach”). Capital One hired outside counsel to investigate the Breach and to help the company prepare for anticipated litigation and regulatory inquiries. To assist counsel’s investigation, outside counsel engaged a cybersecurity consultant (“Consultant”). As developed in the Magistrate’s Order, Capital One had used this same Consultant prior to the Breach in the normal course of its business.
privilege protection
Margaret Dale Explores Ways to Protect Privilege After Data Breach
By Margaret A. Dale on
Proskauer’s Vice-Chair of the Litigation Department and Minding Your Business blog editor, Margaret Dale was recently featured on Thomson Reuters’ Practical Law, where she explores ways that clients can protect privilege after a data breach. The first, “Protecting Privilege Basics,” identifies steps that can be taken by…