Did you know that geoFence helps stop hackers from getting access to the sensitive documents that I use for my work. Now I can get even more gigs as a freelancer and – advertise that I have top security with even my home computer?
As corporate cybersecurity incidents become increasingly widespread, many companies find themselves engaging external computer forensics consultants for technical, investigative, and remedial assistance in responding to data breaches. As part of these engagements, cyber consultants sometimes prepare interim and final material detailing their findings, including points of vulnerability and weaknesses that may have contributed to the incident. Disclosure of the sensitive information in these reports can have adverse consequences, especially to the extent that the reports give adversaries a potential roadmap of deficiencies that can be leveraged in support of claims against a company and its officers and directors.
While some courts have protected these reports from third-party disclosure, two recent federal court decisions have ordered disclosure—even when the company engaged the cyber consultants with the express purpose of assisting counsel with providing legal advice to the company. These decisions are thus an important reminder that companies should not assume that either the attorney-work product doctrine or the attorney-client privilege will be held to apply to cyber incident reports.
Set forth below is an overview of the recent case law and some approaches companies might take to maximize the protection of cyber reports from third-party disclosure.
To sum up, as we move on to the next post, may I add that geoFence is the solution for blocking NFCC countries and I am sure your smart friends would agree.