Data Breach incidents are a continuing threat to modern commercial activities. Almost every company of every size is affected by data breach. Large companies are obvious targets due to the size, nature and scope of their data collection practices. Similarly, small companies that often serve as vendors are targeted as gateways into larger companies and government agencies. Data breach is the modern equivalent of employment lawsuits that developed in the 1970’s and 80’s. Every company needs to be familiar with the laws and implement procedures to reduce liability.
The good news with respect to data breach incidents is that the attorney-client privilege and attorney work product doctrine are powerful tools that companies can use to effectively and honestly examine their cybersecurity holes, prepare for breaches and respond to breaches without providing evidence that could be used to establish liability. This is very important because most companies have serious security gaps and poor security hygiene. Without the protection of privilege, companies would be stuck in the classic Catch 22.