In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier ruling requiring Capital One to turn over a similar root cause analysis conducted by cybersecurity expert Mandiant, the court found that Capital One’s general counsel engaged PwC through a distinct and legally privileged representation to assist the company with its fiduciary and legal duties in anticipation of litigation. As these rulings show, privilege determinations vary widely, but adhering to best practices can maximize the chance of avoiding disclosure.
Top 10 Checklist for Cybersecurity Forensic Investigation Reports
By: Natasha G. Kohne
