Follow Us

Law.com Subscribers SAVE 30%

Call 855-808-4530 or email GroupSales@alm.com to receive your discount on a new subscription.

Cybersecurity E-Discovery Litigation Technology Media and Telecom

Are Your Post-Breach Forensic Reports Privileged?

A Trend Is Emerging

The Central District of California recently joined the small growing list of courts that have held forensic reports created by outside security companies following a data breach are protected from disclosure in civil litigation in certain circumstances.

X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

The Central District of California recently joined the small growing list of courts that have held forensic reports created by outside security companies following a data breach are protected from disclosure in civil litigation in certain circumstances. In the case In re Experian Data Breach Litigation, 15-01592 (C.D. Cal. May 18, 2017), Judge Andrew J. Guilford held that a forensic report created by the security firm Mandiant at the direction of Experian’s outside counsel, Jones Day, qualified as trial preparation material (or “work product”) under Federal Rule of Civil Procedure (FRCP) 26(b)(3) and denied a motion to compel its production. Experian is only the third case to result in a ruling addressing these important questions. While all three rulings protected forensic reports from disclosure, the analysis in each case was highly fact-dependent. Judge Guilford’s reasoning in Experian addresses several key issues not directly raised in those other cases and sheds light on several others.

Read These Next